Windows Analysis Report
ZipThis.exe

Overview

General Information

Sample name: ZipThis.exe
Analysis ID: 1584939
MD5: 22a6cb7348b496600e7151a8112cbac9
SHA1: f0cd50658868a3d347beff6977a54520c19ab640
SHA256: bf2f238d09ac55e7baf3d73c80c82d3df935daa6b94adf67a299ad3665e879e2

Detection

Score: 42
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 49
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Loading BitLocker PowerShell Module
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64_ra
  • ZipThis.exe (PID: 6532 cmdline: "C:\Users\user\Desktop\ZipThis.exe" MD5: 22A6CB7348B496600E7151A8112CBAC9)
    • powershell.exe (PID: 6208 cmdline: "powershell.exe" -ep RemoteSigned -File "C:\Users\user\AppData\Local\ZipThis\update_task_ad.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • chrome.exe (PID: 2712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.zipthisapp.com/success?u=aa4008ff-463e-4ce6-8230-e38f8a67e3cf MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 2068 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1716,i,8243052298361241562,9731876244688689168,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • ZipThisApp.exe (PID: 4080 cmdline: "C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe" MD5: 9AF46426A5C164310DDD6FB6E77D78C2)
  • rundll32.exe (PID: 1768 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • ZipThisApp.exe (PID: 5136 cmdline: "C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe" MD5: 9AF46426A5C164310DDD6FB6E77D78C2)
  • Updater.exe (PID: 4780 cmdline: "C:\Users\user\AppData\Local\ZipThis\Updater.exe" MD5: 8F3972F98564FC9D1E3E5A3840A0DA85)
  • Updater.exe (PID: 4044 cmdline: "C:\Users\user\AppData\Local\ZipThis\Updater.exe" MD5: 8F3972F98564FC9D1E3E5A3840A0DA85)
  • cleanup
No configs have been found
No yara matches
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell.exe" -ep RemoteSigned -File "C:\Users\user\AppData\Local\ZipThis\update_task_ad.ps1", CommandLine: "powershell.exe" -ep RemoteSigned -File "C:\Users\user\AppData\Local\ZipThis\update_task_ad.ps1", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\ZipThis.exe", ParentImage: C:\Users\user\Desktop\ZipThis.exe, ParentProcessId: 6532, ParentProcessName: ZipThis.exe, ProcessCommandLine: "powershell.exe" -ep RemoteSigned -File "C:\Users\user\AppData\Local\ZipThis\update_task_ad.ps1", ProcessId: 6208, ProcessName: powershell.exe
No Suricata rule has matched

AV Detection

Source: ZipThis.exe, ReversingLabs: Detection: 26%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 95.6% probability
Source: C:\Users\user\Desktop\ZipThis.exe, EXE: C:\Users\user\AppData\Local\ZipThis\Uninstall.exe
Source: C:\Users\user\Desktop\ZipThis.exe, EXE: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe
Source: C:\Users\user\Desktop\ZipThis.exe, EXE: powershell.exe
Source: C:\Users\user\Desktop\ZipThis.exe, EXE: C:\Users\user\AppData\Local\ZipThis\Updater.exe

Compliance

Source: C:\Users\user\Desktop\ZipThis.exe, EXE: C:\Users\user\AppData\Local\ZipThis\Uninstall.exe
Source: C:\Users\user\Desktop\ZipThis.exe, EXE: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe
Source: C:\Users\user\Desktop\ZipThis.exe, EXE: powershell.exe
Source: C:\Users\user\Desktop\ZipThis.exe, EXE: C:\Users\user\AppData\Local\ZipThis\Updater.exe
Source: C:\Users\user\Desktop\ZipThis.exe, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZipThis
Source: ZipThis.exe, Static PE information: certificate valid
Source: unknown, HTTPS traffic detected: 45.33.84.9:443 -> 192.168.2.16:57997 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 45.33.84.9:443 -> 192.168.2.16:58005 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 45.33.84.9:443 -> 192.168.2.16:58021 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 45.33.84.9:443 -> 192.168.2.16:58022 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 45.33.84.9:443 -> 192.168.2.16:58063 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 5.161.105.73:443 -> 192.168.2.16:58064 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 5.161.105.73:443 -> 192.168.2.16:58067 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 45.33.84.9:443 -> 192.168.2.16:58070 version: TLS 1.2
Source: ZipThis.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: Updater.exe, 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp, msvcp140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\vccorlib140.amd64.pdb source: vccorlib140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\vccorlib140.amd64.pdbGCTL source: vccorlib140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdbGCTL source: Updater.exe, 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp, msvcp140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_threads.amd64.pdbGCTL source: ZipThis.exe, 00000000.00000002.1482554123.00000271807A5000.00000004.00000800.00020000.00000000.sdmp, vcruntime140_threads.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdb source: ZipThis.exe, 00000000.00000002.1482554123.00000271805D4000.00000004.00000800.00020000.00000000.sdmp, msvcp140_1.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_codecvt_ids.amd64.pdbGCTL source: ZipThis.exe, 00000000.00000002.1482554123.0000027180672000.00000004.00000800.00020000.00000000.sdmp, msvcp140_codecvt_ids.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdb source: concrt140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdbGCTL source: ZipThis.exe, 00000000.00000002.1482554123.00000271805D4000.00000004.00000800.00020000.00000000.sdmp, msvcp140_1.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_codecvt_ids.amd64.pdb source: ZipThis.exe, 00000000.00000002.1482554123.0000027180672000.00000004.00000800.00020000.00000000.sdmp, msvcp140_codecvt_ids.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: ZipThis.exe, 00000000.00000002.1482554123.00000271806D9000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp, vcruntime140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_atomic_wait.amd64.pdb source: ZipThis.exe, 00000000.00000002.1482554123.0000027180628000.00000004.00000800.00020000.00000000.sdmp, msvcp140_atomic_wait.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: ZipThis.exe, 00000000.00000002.1482554123.00000271806D9000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp, vcruntime140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdb source: ZipThis.exe, 00000000.00000002.1482554123.0000027180628000.00000004.00000800.00020000.00000000.sdmp, msvcp140_2.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: ZipThis.exe, 00000000.00000002.1482554123.000002718077F000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000013.00000002.1925578965.00007FFF414B5000.00000002.00000001.01000000.00000018.sdmp, Updater.exe, 00000016.00000002.2060408071.00007FFF46EB5000.00000002.00000001.01000000.00000018.sdmp, vcruntime140_1.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_threads.amd64.pdb source: ZipThis.exe, 00000000.00000002.1482554123.00000271807A5000.00000004.00000800.00020000.00000000.sdmp, vcruntime140_threads.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdb source: ZipThis.exe, 00000000.00000002.1482554123.00000271806D9000.00000004.00000800.00020000.00000000.sdmp, vcomp140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcamp140.amd64.pdb source: vcamp140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdbGCTL source: ZipThis.exe, 00000000.00000002.1482554123.00000271806D9000.00000004.00000800.00020000.00000000.sdmp, vcomp140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_atomic_wait.amd64.pdbGCTL source: ZipThis.exe, 00000000.00000002.1482554123.0000027180628000.00000004.00000800.00020000.00000000.sdmp, msvcp140_atomic_wait.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcamp140.amd64.pdbGCTL source: vcamp140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: ZipThis.exe, 00000000.00000002.1482554123.000002718077F000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000013.00000002.1925578965.00007FFF414B5000.00000002.00000001.01000000.00000018.sdmp, Updater.exe, 00000016.00000002.2060408071.00007FFF46EB5000.00000002.00000001.01000000.00000018.sdmp, vcruntime140_1.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdbGCTL source: ZipThis.exe, 00000000.00000002.1482554123.0000027180628000.00000004.00000800.00020000.00000000.sdmp, msvcp140_2.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdbGCTL source: concrt140.dll.0.dr
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe, Code function: 19_2_00007FFF3C4DA360 FindFirstFileExW,FindClose,wcscpy_s,_invalid_parameter_noinfo_noreturn,19_2_00007FFF3C4DA360
Source: global traffic, TCP traffic: 192.168.2.16:58058 -> 1.1.1.1:53
Source: global traffic, HTTP traffic detected: POST /v6 HTTP/1.1 | Content-Type: text/plain; charset=utf-8 | Host: apb.thisilient.com | Content-Length: 88 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: POST /v6 HTTP/1.1 | Content-Type: text/plain; charset=utf-8 | Host: apb.thisilient.com | Content-Length: 88 | Expect: 100-continue
Source: global traffic, HTTP traffic detected: GET /st HTTP/1.1 | X-Event-Type: conversion | Host: sts.thisilient.com | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: POST /r HTTP/1.1 | Content-Type: text/plain; charset=utf-8 | Host: can.thisilient.com | Content-Length: 616 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: POST /r HTTP/1.1 | Content-Type: text/plain; charset=utf-8 | Host: can.thisilient.com | Content-Length: 148 | Expect: 100-continue | Connection: Keep-Alive
Source: Joe Sandbox View, IP Address: 104.18.10.207
Source: Joe Sandbox View, IP Address: 151.101.130.137
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown, TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown, TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown, TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown, TCP traffic detected without corresponding DNS query: 104.18.21.226
Source: unknown, TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, TCP traffic detected without corresponding DNS query: 40.126.32.138
Source: unknown, TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, HTTP traffic detected: GET /success?u=aa4008ff-463e-4ce6-8230-e38f8a67e3cf HTTP/1.1 | Host: www.zipthisapp.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /assets/css/main.css HTTP/1.1 | Host: www.zipthisapp.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: style | Referer: https://www.zipthisapp.com/success?u=aa4008ff-463e-4ce6-8230-e38f8a67e3cf | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /jquery-3.5.1.slim.min.js HTTP/1.1 | Host: code.jquery.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://www.zipthisapp.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /assets/images/256px.png HTTP/1.1 | Host: www.zipthisapp.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://www.zipthisapp.com/success?u=aa4008ff-463e-4ce6-8230-e38f8a67e3cf | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /ajax/libs/normalize/8.0.1/normalize.min.css HTTP/1.1 | Host: cdnjs.cloudflare.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: style | Referer: https://www.zipthisapp.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /bootstrap/4.5.2/css/bootstrap.min.css HTTP/1.1 | Host: stackpath.bootstrapcdn.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: style | Referer: https://www.zipthisapp.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /npm/@popperjs/core@2.5.2/dist/umd/popper.min.js HTTP/1.1 | Host: cdn.jsdelivr.net | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://www.zipthisapp.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /bootstrap/4.5.2/js/bootstrap.min.js HTTP/1.1 | Host: stackpath.bootstrapcdn.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://www.zipthisapp.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /assets/script.js HTTP/1.1 | Host: www.zipthisapp.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://www.zipthisapp.com/success?u=aa4008ff-463e-4ce6-8230-e38f8a67e3cf | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /postback?token=lhFuZHhnmEU0CnFSQoBpfnKQETPJWjQ7GP3E1t2mPDoV0V8KTUSNnS3kM5sdYyPJJ0QVMQZXUEqldvAwZHZAi5iWDJGd6xv3UiC5DlLHR6OuKvYbYP1MJjyWIdWHGJSzrgcElEsPIIp8kP0iaGgP7IAGMAoalPfsZh26Q030Oi9yoe26wH6WXt5cZYKE1NP1cK0xZGHj&click_id=null&gtmcb=1092898519 HTTP/1.1Host: api-advertiser.linkvertise.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.zipthisapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/viewthroughconversion/10807868703/?random=1736189526605&cv=11&fst=1736189526605&bg=ffffff&guid=ON&async=1&gtm=45be4cc1v9177421235z89175374541za201zb9175374541&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.zipthisapp.com%2Fsuccess%3Fu%3Daa4008ff-463e-4ce6-8230-e38f8a67e3cf&hn=www.googleadservices.com&frm=0&tiba=Zip%20This%20-%20Successfully%20Updated&npa=0&pscdl=noapi&auid=1994571191.1736189525&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=ads_data_redaction%3Dfalse&rfmt=3&fmt=4 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.zipthisapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /td/rul/10807868703?random=1736189526577&cv=11&fst=1736189526577&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4cc1v9177421235z89175374541za201zb9175374541&gcs=G111&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.zipthisapp.com%2Fsuccess%3Fu%3Daa4008ff-463e-4ce6-8230-e38f8a67e3cf&label=pzUUCKf2w4MDEJ_6y6Eo&hn=www.googleadservices.com&frm=0&tiba=Zip%20This%20-%20Successfully%20Updated&value=0&bttype=purchase&npa=0&pscdl=noapi&auid=1994571191.1736189525&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&data=ads_data_redaction%3Dfalse&ct_cookie_present=0 HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.zipthisapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /activity;register_conversion=1;src=14918961;type=invmedia;cat=typtd0;ord=1;num=1010720209330;npa=0;auiddc=1994571191.1736189525;ps=1;pcor=671073416;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9196976143z89175374541za201zb9175374541;gcs=G111;gcd=13t3t3t3t5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.zipthisapp.com%2Fsuccess%3Fu%3Daa4008ff-463e-4ce6-8230-e38f8a67e3cf? HTTP/1.1Host: ad.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAttribution-Reporting-Eligible: event-source, trigger;navigation-sourceReferer: https://www.zipthisapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /td/rul/10807868703?random=1736189526605&cv=11&fst=1736189526605&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4cc1v9177421235z89175374541za201zb9175374541&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.zipthisapp.com%2Fsuccess%3Fu%3Daa4008ff-463e-4ce6-8230-e38f8a67e3cf&hn=www.googleadservices.com&frm=0&tiba=Zip%20This%20-%20Successfully%20Updated&npa=0&pscdl=noapi&auid=1994571191.1736189525&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=ads_data_redaction%3Dfalse HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.zipthisapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: unknown
HTTP traffic detected: POST /v6 HTTP/1.1
Content-Type: text/plain; charset=utf-8
Host: apb.thisilient.com
Content-Length: 88
Expect: 100-continue
Connection: Keep-Alive
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
Source: ZipThis.exe, 00000000.00000002.1482554123.00000271803EA000.00000004.00000800.00020000.00000000.sdmp, ZipThis.exe, 00000000.00000002.1482554123.0000027180327000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apb.thisilient.com
Source: ZipThis.exe, Uninstall.exe.0.dr, ZipThisApp.exe.0.dr, Updater.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: ZipThis.exe, Uninstall.exe.0.dr, ZipThisApp.exe.0.dr, Updater.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: ZipThis.exe, Uninstall.exe.0.dr, ZipThisApp.exe.0.dr, Updater.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://can.thisilient.com
Source: ZipThis.exe, Uninstall.exe.0.dr, ZipThisApp.exe.0.dr, Updater.exe.0.drString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: ZipThis.exe, Uninstall.exe.0.dr, ZipThisApp.exe.0.dr, Updater.exe.0.drString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0$
Source: ZipThis.exe, Uninstall.exe.0.dr, ZipThisApp.exe.0.dr, Updater.exe.0.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: ZipThis.exe, Uninstall.exe.0.dr, ZipThisApp.exe.0.dr, Updater.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: ZipThis.exe, Uninstall.exe.0.dr, ZipThisApp.exe.0.dr, Updater.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: ZipThis.exe, Uninstall.exe.0.dr, ZipThisApp.exe.0.dr, Updater.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/Belongings/AcceptAffiliate.png
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/Belongings/DeclineAffiliate.png
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180899000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/Belongings/KeyGuardAffiliateLogo.png
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180001000.00000004.00000800.00020000.00000000.sdmp, ZipThisApp.exe, 00000012.00000002.2192225044.000002125B453000.00000004.00000800.00020000.00000000.sdmp, ZipThisApp.exe, 00000012.00000002.2192225044.000002125B5B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/Belongings/dmsans-bold.ttf
Source: ZipThisApp.exe, 00000012.00000002.2192225044.000002125B453000.00000004.00000800.00020000.00000000.sdmp, ZipThisApp.exe, 00000012.00000002.2192225044.000002125B5B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/Belongings/dmsans-medium.ttf
Source: ZipThisApp.exe, 00000012.00000002.2192225044.000002125B453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/Belongings/dmsans-regular.ttf
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180224000.00000004.00000800.00020000.00000000.sdmp, ZipThis.exe, 00000000.00000002.1482554123.0000027180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/Belongings/inter-bold.ttf
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180224000.00000004.00000800.00020000.00000000.sdmp, ZipThis.exe, 00000000.00000002.1482554123.0000027180529000.00000004.00000800.00020000.00000000.sdmp, ZipThis.exe, 00000000.00000002.1482554123.0000027180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/Belongings/inter-regular.ttf
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/Belongings/wait.png
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180899000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/ZipThis;component/ui/keyguardaffiliatewindow.xaml
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/ZipThis;component/ui/pleasewaitwindow.xaml
Source: chrome.exe, 0000000C.00000003.2037753571.000027A802FD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dl.google.com/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/
Source: chrome.exe, 0000000C.00000003.2037753571.000027A802FD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dl.google.com/release2/chrome_component/ads7ltfl2gw6hxwgakn3sxrkoijq_9.53.0/
Source: chrome.exe, 0000000C.00000003.2037753571.000027A802FD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dl.google.com/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/
Source: chrome.exe, 0000000C.00000003.2037753571.000027A802FD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00
Source: chrome.exe, 0000000C.00000003.2037753571.000027A802FD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/
Source: chrome.exe, 0000000C.00000003.2037753571.000027A802FD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ads7ltfl2gw6hxwgakn3sxrkoijq_9.53.0/
Source: chrome.exe, 0000000C.00000003.2037753571.000027A802FD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Belongings/AcceptAffiliate.png
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Belongings/DeclineAffiliate.png
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180899000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Belongings/KeyGuardAffiliateLogo.png
Source: ZipThisApp.exe, 00000012.00000002.2192225044.000002125B453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Belongings/dmsans-bold.ttf
Source: ZipThisApp.exe, 00000012.00000002.2192225044.000002125B453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Belongings/dmsans-medium.ttf
Source: ZipThisApp.exe, 00000012.00000002.2192225044.000002125B453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Belongings/dmsans-regular.ttf
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Belongings/wait.png
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/belongings/acceptaffiliate.png
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/belongings/declineaffiliate.png
Source: ZipThisApp.exe, 00000012.00000002.2192225044.000002125B453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/belongings/dmsans-bold.ttf
Source: ZipThisApp.exe, 00000012.00000002.2192225044.000002125B453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/belongings/dmsans-medium.ttf
Source: ZipThisApp.exe, 00000012.00000002.2192225044.000002125B453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/belongings/dmsans-regular.ttf
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180899000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/belongings/keyguardaffiliatelogo.png
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/belongings/wait.png
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180899000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/ui/keyguardaffiliatewindow.baml
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/ui/pleasewaitwindow.baml
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180899000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/ui/keyguardaffiliatewindow.xaml
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/ui/pleasewaitwindow.xaml
Source: chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
Source: powershell.exe, 00000003.00000002.1305107541.0000028B93CD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
Source: ZipThis.exe, Uninstall.exe.0.dr, ZipThisApp.exe.0.dr, Updater.exe.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: ZipThis.exe, Uninstall.exe.0.dr, ZipThisApp.exe.0.dr, Updater.exe.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: ZipThis.exe, Uninstall.exe.0.dr, ZipThisApp.exe.0.dr, Updater.exe.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: ZipThis.exe, Uninstall.exe.0.dr, ZipThisApp.exe.0.dr, Updater.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: ZipThis.exe, Uninstall.exe.0.dr, ZipThisApp.exe.0.dr, Updater.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: ZipThis.exe, Uninstall.exe.0.dr, ZipThisApp.exe.0.dr, Updater.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: powershell.exe, 00000003.00000002.1280693882.0000028B83E87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000003.00000002.1280693882.0000028B83E87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png.c
Source: chrome.exe, 0000000C.00000003.2037753571.000027A802FD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYm
Source: Updater.exe, 00000013.00000002.1914767126.00000149212FC000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000013.00000002.1914767126.000001492126A000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000016.00000002.2051453295.0000025DD969C000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000016.00000002.2051453295.0000025DD960A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org
Source: Updater.exe, 00000016.00000002.2051453295.0000025DD960A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: Updater.exe, 00000013.00000002.1914767126.00000149212FC000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000013.00000002.1914767126.000001492126A000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000016.00000002.2051453295.0000025DD969C000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000016.00000002.2051453295.0000025DD960A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Libs
Source: powershell.exe, 00000003.00000002.1280693882.0000028B83E87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180312000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1280693882.0000028B83C61000.00000004.00000800.00020000.00000000.sdmp, ZipThisApp.exe, 00000012.00000002.2192225044.000002125B3A1000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000013.00000002.1914767126.000001492122F000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000016.00000002.2051453295.0000025DD95CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000003.00000002.1280693882.0000028B83E87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: ZipThisApp.exe, 00000012.00000002.2215601515.0000021276CC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFL
Source: ZipThisApp.exe.0.drString found in binary or memory: http://scripts.sil.org/OFLThis
Source: ZipThis.exeString found in binary or memory: http://scripts.sil.org/OFLhttps://rsms.me/Rasmus
Source: ZipThisApp.exe.0.drString found in binary or memory: http://scripts.sil.org/OFLhttps://www.indiantypefoundry.comhttp://www.colophon-foundry.orgColophon
Source: ZipThisApp.exe, 00000012.00000002.2213250780.00000212740B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFL~z
Source: ZipThis.exe, Uninstall.exe.0.dr, ZipThisApp.exe.0.dr, Updater.exe.0.drString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: ZipThis.exe, Uninstall.exe.0.dr, ZipThisApp.exe.0.dr, Updater.exe.0.drString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: ZipThis.exe, Uninstall.exe.0.dr, ZipThisApp.exe.0.dr, Updater.exe.0.drString found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: ZipThis.exe, 00000000.00000002.1482554123.000002718055D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sts.thisilient.com
Source: Updater.exe, 00000013.00000002.1914767126.0000014921245000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000016.00000002.2051453295.0000025DD95E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tzpdld.com
Source: powershell.exe, 00000003.00000002.1280693882.0000028B83E87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000003.00000002.1280693882.0000028B83E87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html.c
Source: ZipThis.exe, 00000000.00000002.1525429968.00000271FE6B2000.00000004.00000800.00020000.00000000.sdmp, ZipThisApp.exe, 00000012.00000002.2213250780.00000212740B7000.00000004.00000020.00020000.00000000.sdmp, ZipThisApp.exe, 00000012.00000002.2215601515.0000021276CC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.colophon-foundry.org
Source: chrome.exe, 0000000C.00000003.2037753571.000027A802FD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/dl/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/
Source: chrome.exe, 0000000C.00000003.2037753571.000027A802FD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/dl/release2/chrome_component/ads7ltfl2gw6hxwgakn3sxrkoijq_9.53.0/
Source: chrome.exe, 0000000C.00000003.2037753571.000027A802FD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/dl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/
Source: powershell.exe, 00000003.00000002.1310339939.0000028B9C0CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co
Source: chrome.exe, 0000000C.00000003.1482052278.000027A80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1482122248.000027A801E18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://14918961.fls.doubleclick.net/activityi;dc_pre=CLDyl4Hi4YoDFeHtEQgdf90iTg;src=14918961;type=i
Source: chrome.exe, 0000000C.00000003.1482052278.000027A80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://14918961.fls.doubleclick.net/activityi;src=14918961;type=invmedia;cat=typtd0;ord=1;num=10107
Source: chrome.exe, 0000000C.00000003.1430208435.000027A8002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
Source: chrome.exe, 0000000C.00000003.1430208435.000027A8002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
Source: chrome.exe, 0000000C.00000003.1430208435.000027A8002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
Source: chrome.exe, 0000000C.00000003.1433962288.000027A801308000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
Source: powershell.exe, 00000003.00000002.1280693882.0000028B83C61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000003.00000002.1280693882.0000028B83E87000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1280693882.0000028B858E4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1280693882.0000028B855A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
Source: powershell.exe, 00000003.00000002.1280693882.0000028B83E87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp.c
Source: powershell.exe, 00000003.00000002.1280693882.0000028B858BD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1280693882.0000028B858E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelpH
Source: chrome.exe, 0000000C.00000003.1482361113.000027A8003A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1472350239.000027A800C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1475333437.000027A801D60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1482122248.000027A801E18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://td.doubleclick.net/td/rul/10807868703?random=1736189526605&cv=11&fst=1736189526605&fmt=3&bg=
Source: chrome.exe, 0000000C.00000003.1472480387.000027A801E0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://td.doubleclick.net1j8665386358
Source: Updater.exe, 00000013.00000002.1914767126.000001492126A000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000013.00000002.1914767126.000001492122F000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000016.00000002.2051453295.0000025DD960A000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000016.00000002.2051453295.0000025DD95CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tzpdld.com
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180695000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000013.00000002.1913865226.000001491F70A000.00000002.00000001.01000000.00000015.sdmp, Updater.exe, 00000013.00000002.1914767126.0000014921191000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000016.00000002.2051453295.0000025DD9531000.00000004.00000800.00020000.00000000.sdmp, Updater.dll.0.drString found in binary or memory: https://tzpdld.com/update/auth
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180695000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000013.00000002.1914767126.000001492126A000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000013.00000002.1913865226.000001491F70A000.00000002.00000001.01000000.00000015.sdmp, Updater.exe, 00000016.00000002.2051453295.0000025DD960A000.00000004.00000800.00020000.00000000.sdmp, Updater.dll.0.drString found in binary or memory: https://tzpdld.com/update/download
Source: chrome.exe, 0000000C.00000003.2037525031.000027A80039F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2037525031.000027A80039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://update.googleapis.com/service/update2/json?cup2key=13:k5Ew9bE1Eb2VJqogSYMIe2-jekMYF1-157LPQ6
Source: ZipThis.exe, Uninstall.exe.0.dr, ZipThisApp.exe.0.dr, Updater.exe.0.drString found in binary or memory: https://www.globalsign.com/repository/0
Source: chrome.exe, 0000000C.00000003.1430208435.000027A8002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com
Source: chrome.exe, 0000000C.00000003.1430208435.000027A8002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 0000000C.00000003.1430208435.000027A8002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
Source: chrome.exe, 0000000C.00000003.1407765816.000027A800CEF000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1407765816.000027A800CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1406493076.000027A800488000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1464013454.000027A800488000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
Source: chrome.exe, 0000000C.00000003.1433962288.000027A801308000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
Source: chrome.exe, 0000000C.00000003.1433962288.000027A801308000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
Source: chrome.exe, 0000000C.00000003.2037753571.000027A802FD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/
Source: chrome.exe, 0000000C.00000003.2037753571.000027A802FD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/ads7ltfl2gw6hxwgakn3sxrkoijq_9.53.0/
Source: chrome.exe, 0000000C.00000003.2037753571.000027A802FD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/
Source: chrome.exe, 0000000C.00000003.1433962288.000027A801308000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
Source: chrome.exe, 0000000C.00000003.1433962288.000027A801308000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/aida2
Source: chrome.exe, 0000000C.00000003.1433962288.000027A801308000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
Source: chrome.exe, 0000000C.00000003.1433962288.000027A801308000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
Source: chrome.exe, 0000000C.00000003.1430208435.000027A8002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
Source: chrome.exe, 0000000C.00000003.1472480387.000027A801E0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/
Source: chrome.exe, 0000000C.00000003.1459486370.000027A801700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/destination?id=AW-10807868703&l=dataLayer&cx=c&gtm=45He4cc1v91
Source: chrome.exe, 0000000C.00000003.1480481700.000027A801E6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/static/service_worker/5160/sw.js?origin=https%3A%2F%2Fwww.zipthisap
Source: chrome.exe, 0000000C.00000003.1469961106.000027A8003A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1482122248.000027A801E18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/static/service_worker/5160/sw_iframe.html?origin=https%3A%2F%2Fwww.
Source: chrome.exe, 0000000C.00000003.1430208435.000027A8002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
Source: ZipThis.exe, 00000000.00000002.1525429968.00000271FE6B2000.00000004.00000800.00020000.00000000.sdmp, ZipThisApp.exe, 00000012.00000002.2215601515.0000021276CC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.indiantypefoundry.com
Source: chrome.exe, 0000000C.00000003.1396549220.000027A80061C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 0000000C.00000003.1463915111.000027A800C21000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1440010677.000027A800C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1765283078.000027A800C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1472350239.000027A800C21000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1396549220.000027A80061C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1607242456.000027A800C1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 0000000C.00000003.1463915111.000027A800C21000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1440010677.000027A800C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1765283078.000027A800C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1472350239.000027A800C21000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1607242456.000027A800C1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytcaogl
Source: chrome.exe, 0000000C.00000003.1396549220.000027A80061C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 0000000C.00000003.1396549220.000027A80061C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: chrome.exe, 0000000C.00000003.1470970310.000027A80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1482361113.000027A8003A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1472350239.000027A800C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1463065683.000027A8019AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1482122248.000027A801E18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com
Source: chrome.exe, 0000000C.00000003.1470970310.000027A80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1482361113.000027A8003A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1472350239.000027A800C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1482052278.000027A80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1475333437.000027A801D60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2037143664.000027A8019E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1482122248.000027A801E18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com/
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com/legal
Source: ZipThis.exeString found in binary or memory: https://www.zipthisapp.com/legal?
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com/policy
Source: ZipThis.exeString found in binary or memory: https://www.zipthisapp.com/policy?
Source: ZipThis.exe, Uninstall.exe.0.drString found in binary or memory: https://www.zipthisapp.com/see-you-later
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180448000.00000004.00000800.00020000.00000000.sdmp, ZipThis.exe, 00000000.00000002.1482554123.0000027180879000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com/success?u=
Source: chrome.exe, 0000000C.00000003.1482122248.000027A801E18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com/success?u=aa4008ff-463e-4ce6-8230-e38f8a67e3cf
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com/success?u=aa4008ff-463e-4ce6-8230-e38f8a67e3cf&
Source: chrome.exe, 0000000C.00000003.1515254206.000027A800E70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com/success?u=aa4008ff-463e-4ce6-8230-e38f8a67e3cfZip
Source: ZipThis.exeString found in binary or memory: https://www.zipthisapp.com/success?u=wSoftware
Source: chrome.exe, 0000000C.00000003.1459486370.000027A801700000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1447587259.000027A801A74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://zipthisapp.com/
Source: chrome.exe, 0000000C.00000003.1446501779.000027A8019EE000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1446665692.000027A8019EE000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1446699188.000027A8019EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://zipthisapp.com/&
Source: chrome.exe, 0000000C.00000003.1447587259.000027A801A74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://zipthisapp.com/m/
Source: chrome.exe, 0000000C.00000003.1472480387.000027A801E0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://zipthisapp.com_default
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe | Process Stats: CPU usage > 24%
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Code function: String function: 00007FFEC82B1C40 appears 61 times
Source: Uninstall.exe.0.dr | Static PE information: No import functions for PE file found
Source: Updater.exe.0.dr | Static PE information: No import functions for PE file found
Source: ZipThisApp.exe.0.dr | Static PE information: No import functions for PE file found
Source: Libs.dll.0.dr | Static PE information: No import functions for PE file found
Source: ZipThis.exe | Static PE information: No import functions for PE file found
Source: ZipThis.exe, 00000000.00000002.1482554123.000002718077F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs ZipThis.exe
Source: ZipThis.exe, 00000000.00000002.1482554123.00000271806D9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameVCAMP140.DLLT vs ZipThis.exe
Source: ZipThis.exe, 00000000.00000002.1482554123.00000271806D9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamevccorlib140.DLLT vs ZipThis.exe
Source: ZipThis.exe, 00000000.00000002.1482554123.00000271806D9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameVCOMP140.DLLT vs ZipThis.exe
Source: ZipThis.exe, 00000000.00000002.1482554123.00000271806D9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamevcruntime140.dllT vs ZipThis.exe
Source: ZipThis.exe, 00000000.00000002.1482554123.00000271805D4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamemsvcp140.dllT vs ZipThis.exe
Source: ZipThis.exe, 00000000.00000002.1482554123.00000271805D4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamemsvcp140_1.dllT vs ZipThis.exe
Source: ZipThis.exe, 00000000.00000002.1482554123.000002718056C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameconcrt140.dllT vs ZipThis.exe
Source: ZipThis.exe, 00000000.00000002.1482554123.000002718056C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameLibs.dll4 vs ZipThis.exe
Source: ZipThis.exe, 00000000.00000002.1482554123.00000271805BE000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameLibs.dll4 vs ZipThis.exe
Source: ZipThis.exe, 00000000.00000000.1154007226.00000271F7B42000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameZipThisApp.exe6 vs ZipThis.exe
Source: ZipThis.exe, 00000000.00000000.1154007226.00000271F7B42000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameUninstall.exe4 vs ZipThis.exe
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180628000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamemsvcp140_2.dllT vs ZipThis.exe
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180628000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamemsvcp140_atomic_wait.dllT vs ZipThis.exe
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180695000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUpdater.exe0 vs ZipThis.exe
Source: ZipThis.exe, 00000000.00000002.1482554123.00000271807C8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameZipThisApp.exe6 vs ZipThis.exe
Source: ZipThis.exe, 00000000.00000002.1482554123.00000271807C8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUninstall.exe4 vs ZipThis.exe
Source: ZipThis.exe, 00000000.00000002.1482554123.00000271806C3000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUpdater.exe0 vs ZipThis.exe
Source: ZipThis.exe, 00000000.00000002.1482554123.0000027180672000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamemsvcp140_codecvt_ids.dllT vs ZipThis.exe
Source: ZipThis.exe, 00000000.00000002.1482554123.00000271807A5000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamevcruntime140_threads.dllT vs ZipThis.exe
Source: ZipThis.exe | Binary or memory string: OriginalFilenameZipThisApp.exe6 vs ZipThis.exe
Source: ZipThis.exe | Binary or memory string: OriginalFilenameUninstall.exe4 vs ZipThis.exe
Source: ZipThis.exe, ProcessPathFinder.csBase64 encoded string: 'QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXGNocm9tZS5leGU=', 'QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXGNocm9tZS5leGU='
Source: Uninstall.exe.0.dr, AppRemover.csBase64 encoded string: 'QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXGNocm9tZS5leGU=', 'QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXGNocm9tZS5leGU='
Source: classification engineClassification label: mal42.winEXE@37/34@44/20
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeCode function: 19_2_00007FFF3C4DA7F0 GetDiskFreeSpaceExW,_invalid_parameter_noinfo_noreturn,19_2_00007FFF3C4DA7F0
Source: C:\Users\user\Desktop\ZipThis.exeFile created: C:\Users\user\AppData\Local\ZipThisJump to behavior
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7160:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qkxympxi.bmr.ps1Jump to behavior
Source: ZipThis.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: ZipThis.exe | Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
Source: C:\Users\user\Desktop\ZipThis.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\ZipThis.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: ZipThis.exe | ReversingLabs: Detection: 26%
Source: ZipThis.exe | String found in binary or memory: $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -StartWhenAvailable -ExecutionTimeLimit (New-TimeSpan -Minutes 30)
Source: ZipThis.exe | String found in binary or memory: $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -StartWhenAvailable -RestartCount 2 -RestartInterval (New-TimeSpan -Minutes 10) -RunOnlyIfNetworkAvailable
Source: ZipThis.exe | String found in binary or memory: 2belongings/add_circle.png>belongings/add_circle_white.pngR
Source: ZipThis.exe | String found in binary or memory: /Belongings/add_circle.png
Source: ZipThis.exe | String found in binary or memory: /Belongings/add_circle_white.png
Source: unknown | Process created: C:\Users\user\Desktop\ZipThis.exe "C:\Users\user\Desktop\ZipThis.exe"
Source: C:\Users\user\Desktop\ZipThis.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -ep RemoteSigned -File "C:\Users\user\AppData\Local\ZipThis\update_task_ad.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\ZipThis.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.zipthisapp.com/success?u=aa4008ff-463e-4ce6-8230-e38f8a67e3cf
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1716,i,8243052298361241562,9731876244688689168,262144 /prefetch:8
Source: C:\Users\user\Desktop\ZipThis.exe | Process created: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe "C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe"
Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown | Process created: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe "C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe"
Source: unknown | Process created: C:\Users\user\AppData\Local\ZipThis\Updater.exe "C:\Users\user\AppData\Local\ZipThis\Updater.exe"
Source: unknown | Process created: C:\Users\user\AppData\Local\ZipThis\Updater.exe "C:\Users\user\AppData\Local\ZipThis\Updater.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: rasman.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: schannel.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeSection loaded: gpapi.dll
Source: C:\Users\user\Desktop\ZipThis.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\InprocServer32Jump to behavior
Source: ZipThisApp.lnk.0.drLNK file: ..\AppData\Local\ZipThis\ZipThisApp.exe
Source: Google Drive.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\ZipThis.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZipThisJump to behavior
Source: ZipThis.exeStatic PE information: certificate valid
Source: ZipThis.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: ZipThis.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: ZipThis.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: ZipThis.exeStatic file information: File size 2820904 > 1048576
Source: ZipThis.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x290400
Source: ZipThis.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: ZipThis.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: Updater.exe, 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp, msvcp140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\vccorlib140.amd64.pdb source: vccorlib140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\vccorlib140.amd64.pdbGCTL source: vccorlib140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdbGCTL source: Updater.exe, 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp, msvcp140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_threads.amd64.pdbGCTL source: ZipThis.exe, 00000000.00000002.1482554123.00000271807A5000.00000004.00000800.00020000.00000000.sdmp, vcruntime140_threads.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdb source: ZipThis.exe, 00000000.00000002.1482554123.00000271805D4000.00000004.00000800.00020000.00000000.sdmp, msvcp140_1.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_codecvt_ids.amd64.pdbGCTL source: ZipThis.exe, 00000000.00000002.1482554123.0000027180672000.00000004.00000800.00020000.00000000.sdmp, msvcp140_codecvt_ids.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdb source: concrt140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdbGCTL source: ZipThis.exe, 00000000.00000002.1482554123.00000271805D4000.00000004.00000800.00020000.00000000.sdmp, msvcp140_1.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_codecvt_ids.amd64.pdb source: ZipThis.exe, 00000000.00000002.1482554123.0000027180672000.00000004.00000800.00020000.00000000.sdmp, msvcp140_codecvt_ids.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: ZipThis.exe, 00000000.00000002.1482554123.00000271806D9000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp, vcruntime140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_atomic_wait.amd64.pdb source: ZipThis.exe, 00000000.00000002.1482554123.0000027180628000.00000004.00000800.00020000.00000000.sdmp, msvcp140_atomic_wait.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: ZipThis.exe, 00000000.00000002.1482554123.00000271806D9000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp, vcruntime140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdb source: ZipThis.exe, 00000000.00000002.1482554123.0000027180628000.00000004.00000800.00020000.00000000.sdmp, msvcp140_2.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: ZipThis.exe, 00000000.00000002.1482554123.000002718077F000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000013.00000002.1925578965.00007FFF414B5000.00000002.00000001.01000000.00000018.sdmp, Updater.exe, 00000016.00000002.2060408071.00007FFF46EB5000.00000002.00000001.01000000.00000018.sdmp, vcruntime140_1.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_threads.amd64.pdb source: ZipThis.exe, 00000000.00000002.1482554123.00000271807A5000.00000004.00000800.00020000.00000000.sdmp, vcruntime140_threads.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdb source: ZipThis.exe, 00000000.00000002.1482554123.00000271806D9000.00000004.00000800.00020000.00000000.sdmp, vcomp140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcamp140.amd64.pdb source: vcamp140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdbGCTL source: ZipThis.exe, 00000000.00000002.1482554123.00000271806D9000.00000004.00000800.00020000.00000000.sdmp, vcomp140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_atomic_wait.amd64.pdbGCTL source: ZipThis.exe, 00000000.00000002.1482554123.0000027180628000.00000004.00000800.00020000.00000000.sdmp, msvcp140_atomic_wait.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcamp140.amd64.pdbGCTL source: vcamp140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: ZipThis.exe, 00000000.00000002.1482554123.000002718077F000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000013.00000002.1925578965.00007FFF414B5000.00000002.00000001.01000000.00000018.sdmp, Updater.exe, 00000016.00000002.2060408071.00007FFF46EB5000.00000002.00000001.01000000.00000018.sdmp, vcruntime140_1.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdbGCTL source: ZipThis.exe, 00000000.00000002.1482554123.0000027180628000.00000004.00000800.00020000.00000000.sdmp, msvcp140_2.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdbGCTL source: concrt140.dll.0.dr
Source: ZipThis.exeStatic PE information: 0xBF47FCA7 [Fri Sep 11 02:59:51 2071 UTC]
Source: Updater.dll.0.drStatic PE information: section name: .nep
Source: vcomp140.dll.0.drStatic PE information: section name: _RDATA
Source: vcruntime140.dll.0.drStatic PE information: section name: fothk
Source: vcruntime140.dll.0.drStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\ZipThis.exeCode function: 0_2_00007FFEC82C01BA push E95E4C4Ch; ret 0_2_00007FFEC82C01C9
Source: C:\Users\user\Desktop\ZipThis.exeCode function: 0_2_00007FFEC82C6C41 pushad ; iretd 0_2_00007FFEC82C6C42
Source: C:\Users\user\Desktop\ZipThis.exeCode function: 0_2_00007FFEC82C751A push ebx; iretd 0_2_00007FFEC82C753A
Source: C:\Users\user\Desktop\ZipThis.exeCode function: 0_2_00007FFEC82C2F25 push ebx; retf 0_2_00007FFEC82C2F2E
Source: C:\Users\user\Desktop\ZipThis.exeCode function: 0_2_00007FFEC82C2F15 push edx; retf 0_2_00007FFEC82C2F1E
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFEC82B338E push ecx; ret 3_2_00007FFEC82B339C
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFEC82B7533 push ebx; iretd 3_2_00007FFEC82B753A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFEC8757BD2 push esp; ret 3_2_00007FFEC8757BD9
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFEC88D29FB pushad ; retf 3_2_00007FFEC88D29FC
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFEC88D6437 pushad ; retf 3_2_00007FFEC88D643E
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exeCode function: 18_2_00007FFEC82C01BA push E95E4C4Ch; ret 18_2_00007FFEC82C01C9
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exeCode function: 18_2_00007FFEC82C4312 push ecx; iretd 18_2_00007FFEC82C431C
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeCode function: 19_2_000001491F705E49 push 00000028h; retf 19_2_000001491F705E4E
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeCode function: 19_2_000001491F702832 push 00000028h; retf 19_2_000001491F702834
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeCode function: 19_2_000001491F703107 push 00000028h; retf 19_2_000001491F703109
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeCode function: 19_2_000001491F705CE4 push 00000028h; retf 19_2_000001491F705CEB
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeCode function: 19_2_00007FFEC82B7939 push ebx; retf 19_2_00007FFEC82B793A
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeCode function: 22_2_00007FFEC82BEDFA push 8B485F4Dh; iretd 22_2_00007FFEC82BEE09
Source: C:\Users\user\Desktop\ZipThis.exeFile created: C:\Users\user\AppData\Local\ZipThis\msvcp140_codecvt_ids.dllJump to dropped file
Source: C:\Users\user\Desktop\ZipThis.exeFile created: C:\Users\user\AppData\Local\ZipThis\concrt140.dllJump to dropped file
Source: C:\Users\user\Desktop\ZipThis.exeFile created: C:\Users\user\AppData\Local\ZipThis\msvcp140_2.dllJump to dropped file
Source: C:\Users\user\Desktop\ZipThis.exeFile created: C:\Users\user\AppData\Local\ZipThis\Uninstall.exeJump to dropped file
Source: C:\Users\user\Desktop\ZipThis.exeFile created: C:\Users\user\AppData\Local\ZipThis\msvcp140_atomic_wait.dllJump to dropped file
Source: C:\Users\user\Desktop\ZipThis.exeFile created: C:\Users\user\AppData\Local\ZipThis\msvcp140.dllJump to dropped file
Source: C:\Users\user\Desktop\ZipThis.exeFile created: C:\Users\user\AppData\Local\ZipThis\Updater.dllJump to dropped file
Source: C:\Users\user\Desktop\ZipThis.exeFile created: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exeJump to dropped file
Source: C:\Users\user\Desktop\ZipThis.exeFile created: C:\Users\user\AppData\Local\ZipThis\Libs.dllJump to dropped file
Source: C:\Users\user\Desktop\ZipThis.exeFile created: C:\Users\user\AppData\Local\ZipThis\msvcp140_1.dllJump to dropped file
Source: C:\Users\user\Desktop\ZipThis.exeFile created: C:\Users\user\AppData\Local\ZipThis\vcruntime140.dllJump to dropped file
Source: C:\Users\user\Desktop\ZipThis.exeFile created: C:\Users\user\AppData\Local\ZipThis\vcruntime140_1.dllJump to dropped file
Source: C:\Users\user\Desktop\ZipThis.exeFile created: C:\Users\user\AppData\Local\ZipThis\vcomp140.dllJump to dropped file
Source: C:\Users\user\Desktop\ZipThis.exeFile created: C:\Users\user\AppData\Local\ZipThis\vcamp140.dllJump to dropped file
Source: C:\Users\user\Desktop\ZipThis.exeFile created: C:\Users\user\AppData\Local\ZipThis\vcruntime140_threads.dllJump to dropped file
Source: C:\Users\user\Desktop\ZipThis.exeFile created: C:\Users\user\AppData\Local\ZipThis\Updater.exeJump to dropped file
Source: C:\Users\user\Desktop\ZipThis.exeFile created: C:\Users\user\AppData\Local\ZipThis\vccorlib140.dllJump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\ZipThis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\ZipThis.exe Memory allocated: 271F8120000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\ZipThis.exe Memory allocated: 271F9BB0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Memory allocated: 23C6B7B0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Memory allocated: 23C6D230000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Memory allocated: 21259900000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Memory allocated: 212733A0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Memory allocated: 1491F6B0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Memory allocated: 14939190000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Memory allocated: 25DD7C50000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Memory allocated: 25DF1530000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599874
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599762
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599650
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599539
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599428
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599301
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599175
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599047
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 598935
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 598823
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 598711
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 598599
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 598471
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 598343
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 598231
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 598119
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 598008
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 597896
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 597768
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 597640
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 597528
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 597416
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 597304
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 597193
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 597065
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 596937
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 596825
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 596713
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 596602
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 596492
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 596382
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 596273
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 596163
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 596051
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 595923
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 595779
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 595667
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 595556
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 595445
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 595333
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 595205
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599889
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599777
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599666
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599555
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599444
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599332
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599204
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\ZipThis.exe Window / User API: threadDelayed 9542
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7044
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2787
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Window / User API: threadDelayed 9270
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Window / User API: threadDelayed 567
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Window / User API: threadDelayed 9562
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Window / User API: threadDelayed 8362
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Window / User API: threadDelayed 1377
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\msvcp140_codecvt_ids.dll
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\concrt140.dll
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\msvcp140_2.dll
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\Uninstall.exe
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\msvcp140_atomic_wait.dll
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\Updater.dll
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\Libs.dll
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\msvcp140_1.dll
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\vcomp140.dll
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\vcamp140.dll
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\vcruntime140_threads.dll
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\vccorlib140.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe API coverage: 0.1 %
Source: C:\Users\user\Desktop\ZipThis.exe TID: 6968 Thread sleep time: -6456360425798339s >= -30000s
Source: C:\Users\user\Desktop\ZipThis.exe TID: 6968 Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\Desktop\ZipThis.exe TID: 6968 Thread sleep time: -99888s >= -30000s
Source: C:\Users\user\Desktop\ZipThis.exe TID: 6968 Thread sleep time: -99777s >= -30000s
Source: C:\Users\user\Desktop\ZipThis.exe TID: 6968 Thread sleep time: -99665s >= -30000s
Source: C:\Users\user\Desktop\ZipThis.exe TID: 6968 Thread sleep time: -99553s >= -30000s
Source: C:\Users\user\Desktop\ZipThis.exe TID: 6968 Thread sleep time: -99441s >= -30000s
Source: C:\Users\user\Desktop\ZipThis.exe TID: 6968 Thread sleep time: -99314s >= -30000s
Source: C:\Users\user\Desktop\ZipThis.exe TID: 6968 Thread sleep time: -99186s >= -30000s
Source: C:\Users\user\Desktop\ZipThis.exe TID: 6968 Thread sleep time: -99074s >= -30000s
Source: C:\Users\user\Desktop\ZipThis.exe TID: 6968 Thread sleep time: -98962s >= -30000s
Source: C:\Users\user\Desktop\ZipThis.exe TID: 6968 Thread sleep time: -98851s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6364 Thread sleep count: 7044 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6364 Thread sleep count: 2787 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4400 Thread sleep time: -7378697629483816s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe TID: 1640 Thread sleep time: -7378697629483816s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe TID: 4120 Thread sleep time: -7378697629483816s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -6456360425798339s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -599874s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5532 Thread sleep count: 8362 > 30
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -599762s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -599650s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -599539s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -599428s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -599301s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -599175s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -599047s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -598935s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -598823s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -598711s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -598599s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -598471s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -598343s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -598231s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -598119s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -598008s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -597896s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -597768s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -597640s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -597528s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -597416s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -597304s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -597193s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -597065s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -596937s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -596825s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -596713s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -596602s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -596492s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -596382s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -596273s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -596163s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -596051s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -595923s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -595779s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -595667s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -595556s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -595445s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -595333s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5888 Thread sleep time: -595205s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 4952 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 4008 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 6924 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 6924 Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 6924 Thread sleep time: -599889s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1540 Thread sleep count: 1377 > 30
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 6924 Thread sleep time: -599777s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 6924 Thread sleep time: -599666s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 6924 Thread sleep time: -599555s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 6924 Thread sleep time: -599444s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 6924 Thread sleep time: -599332s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 6924 Thread sleep time: -599204s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5500 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5856 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Code function: 19_2_00007FFF3C4DA360 FindFirstFileExW,FindClose,wcscpy_s,_invalid_parameter_noinfo_noreturn
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FFEC82B424F GetSystemInfo
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 100000
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 99888
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 99777
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 99665
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 99553
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 99441
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 99314
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 99186
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 99074
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 98962
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 98851
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 599874
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 599762
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 599650
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 599539
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 599428
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 599301
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 599175
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 599047
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 598935
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 598823
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 598711
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 598599
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 598471
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 598343
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 598231
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 598119
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 598008
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 597896
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 597768
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 597640
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 597528
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 597416
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 597304
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 597193
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 597065
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 596937
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 596825
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 596713
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 596602
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 596492
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 596382
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 596273
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 596163
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 596051
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 595923
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 595779
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 595667
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 595556
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 595445
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 595333
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 595205
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 599889
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 599777
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 599666
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 599555
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 599444
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 599332
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Thread delayed: delay time: 599204
Source: powershell.exe, 00000003.00000002.1280693882.0000028B83E87000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Remove-NetEventVmNetworkAdapter
Source: powershell.exe, 00000003.00000002.1280693882.0000028B83E87000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Add-NetEventVmNetworkAdapter
Source: chrome.exe, 0000000C.00000003.1607135849.000027A802004000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ~]lx{tn~lzyqeMu{_tvwpd
Source: ZipThisApp.exe, 00000012.00000002.2205876929.0000021273A9D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll{+
Source: powershell.exe, 00000003.00000002.1280693882.0000028B83E87000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Get-NetEventVmNetworkAdapter
Source: ZipThis.exe, 00000000.00000002.1520938661.00000271FE33C000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 00000013.00000002.1910698524.000001491F62A000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 00000016.00000002.2047496950.0000025DD7A09000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Code function: 19_2_000001491F706DDC IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,19_2_000001491F706DDC
Source: C:\Users\user\Desktop\ZipThis.exe | Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe | Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Code function: 19_2_000001491F7067B4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,19_2_000001491F7067B4
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Code function: 19_2_00007FFF3C522130 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,19_2_00007FFF3C522130
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Code function: 19_2_00007FFF3D730AD8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,19_2_00007FFF3D730AD8
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Code function: 19_2_00007FFF414B4628 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,19_2_00007FFF414B4628
Source: C:\Users\user\Desktop\ZipThis.exe | Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\ZipThis.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -ep RemoteSigned -File "C:\Users\user\AppData\Local\ZipThis\update_task_ad.ps1"
Source: C:\Users\user\Desktop\ZipThis.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.zipthisapp.com/success?u=aa4008ff-463e-4ce6-8230-e38f8a67e3cf
Source: C:\Users\user\Desktop\ZipThis.exe | Process created: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe "C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe"
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Code function: ___lc_locale_name_func,GetLocaleInfoEx,19_2_00007FFF3C4FD6A0
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Code function: GetLocaleInfoEx,FormatMessageA,19_2_00007FFF3C4E1F6C
Source: C:\Users\user\Desktop\ZipThis.exe | Queries volume information: C:\Users\user\Desktop\ZipThis.exe VolumeInformation
Source: C:\Users\user\Desktop\ZipThis.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
Source: C:\Users\user\Desktop\ZipThis.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
Source: C:\Users\user\Desktop\ZipThis.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
Source: C:\Users\user\Desktop\ZipThis.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\Desktop\ZipThis.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\Desktop\ZipThis.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Users\user\Desktop\ZipThis.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
Source: C:\Users\user\Desktop\ZipThis.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\Desktop\ZipThis.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\Desktop\ZipThis.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.3208.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.3448.cat VolumeInformation
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe | Queries volume information: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe VolumeInformation
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Queries volume information: C:\Users\user\AppData\Local\ZipThis\Updater.exe VolumeInformation
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Queries volume information: C:\Users\user\AppData\Local\ZipThis\Updater.dll VolumeInformation
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Queries volume information: C:\Users\user\AppData\Local\ZipThis\Libs.dll VolumeInformation
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Code function: 19_2_000001491F7069C4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,19_2_000001491F7069C4
Source: C:\Users\user\Desktop\ZipThis.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
Execution: Command and Scripting Interpreter (2); Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
Persistence: DLL Side-Loading (1); DLL Search Order Hijacking (1); Windows Service (1); Registry Run Keys / Startup Folder (1); Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
Privilege Escalation: DLL Side-Loading (1); DLL Search Order Hijacking (1); Windows Service (1); Process Injection (11); Registry Run Keys / Startup Folder (1); RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
Defense Evasion: Disable or Modify Tools (1); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (21); Timestomp (1); DLL Side-Loading (1); DLL Search Order Hijacking (1); Masquerading (1); Virtualization/Sandbox Evasion (31); Process Injection (11); Rundll32 (1)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
Discovery: System Time Discovery (1); File and Directory Discovery (2); System Information Discovery (25); Query Registry (1); Security Software Discovery (11); Process Discovery (1); Virtualization/Sandbox Evasion (31); Application Window Discovery (1); Network Sniffing; Network Service Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
Command and Control: Ingress Tool Transfer (1); Encrypted Channel (11); Non-Application Layer Protocol (3); Application Layer Protocol (4); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
Behavior Graph ID: 1584939, Sample: ZipThis.exe, Startdate: 06/01/2025, Architecture: WINDOWS, Score: 42

  • Signatures on the sample: Multi AV Scanner detection for submitted file; AI detected suspicious sample
  • DNS/IP: tzpdld.com; sts.thisilient.com; 3 other IPs or domains
  • ZipThis.exe (started): contacts apb.thisilient.com 45.33.84.9 (443, 57997, 57998; LINODE-APLinodeLLCUS, United States); drops C:\Users\user\...\vcruntime140_threads.dll, C:\Users\user\AppData\...\vcruntime140_1.dll, C:\Users\user\AppData\...\vcruntime140.dll (PE32+) and 14 other files (none is malicious); starts powershell.exe, chrome.exe and ZipThisApp.exe
  • powershell.exe (started by ZipThis.exe): signature "Loading BitLocker PowerShell Module"; starts conhost.exe
  • chrome.exe (started by ZipThis.exe): 192.168.2.16 (138, 443, 49539), 192.168.2.4, 239.255.255.250 (Reserved); starts chrome.exe, which contacts www.google.com 142.250.185.196 (443, 58025, 58044; GOOGLEUS, United States), td.doubleclick.net 142.250.185.226 (443, 58035, 58037; GOOGLEUS, United States) and 17 other IPs or domains
  • Updater.exe (started): contacts tzpdld.com 5.161.105.73 (443, 58064, 58065; HETZNER-ASDE, Germany)
  • rundll32.exe (started); 2 other processes

| Source | Detection | Scanner | Label | Link |
| ZipThis.exe | 26% | ReversingLabs | Win32.Spyware.Generic | |

| Source | Detection | Scanner | Label | Link |
| C:\Users\user\AppData\Local\ZipThis\Libs.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\ZipThis\Uninstall.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\ZipThis\Updater.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\ZipThis\Updater.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe | 4% | ReversingLabs | | |
| C:\Users\user\AppData\Local\ZipThis\concrt140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\ZipThis\msvcp140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\ZipThis\msvcp140_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\ZipThis\msvcp140_2.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\ZipThis\msvcp140_atomic_wait.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\ZipThis\msvcp140_codecvt_ids.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\ZipThis\vcamp140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\ZipThis\vccorlib140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\ZipThis\vcomp140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\ZipThis\vcruntime140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\ZipThis\vcruntime140_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\ZipThis\vcruntime140_threads.dll | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
| http://foo/bar/belongings/dmsans-regular.ttf | 0% | Avira URL Cloud | safe | |
| http://apb.thisilient.com | 0% | Avira URL Cloud | safe | |
| https://bq.zipthisapp.com/report?event_name=thankyou-report&dataSet=report&platform=pc&infoJson=%7B%22suid%22%3A%22aa4008ff-463e-4ce6-8230-e38f8a67e3cf%22%2C%22cid%22%3A%22%22%2C%22utm_source%22%3A%22%22%2C%22_gcl_au%22%3A%221.1.1994571191.1736189525%22%2C%22_ga%22%3A%22GA1.1.1855466587.1736189527%22%2C%22_ga_3D171KFV2T%22%3A%22GS1.1.1736189526.1.0.1736189526.60.0.0%22%2C%22uuid%22%3A%222c53b67d-13cc-4a8b-8975-567a274dd0eb-c%22%2C%22u%22%3A%22aa4008ff-463e-4ce6-8230-e38f8a67e3cf%22%2C%22language%22%3A%22en-US%22%2C%22visit_num%22%3A%222c53b67d-13cc-4a8b-8975-567a274dd0eb-c%22%2C%22application%22%3A%221704805639094716%22%2C%22user_agent%22%3A%22mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64)%20applewebkit%2F537.36%20(khtml%2C%20like%20gecko)%20chrome%2F117.0.0.0%20safari%2F537.36%22%2C%22lp_id%22%3A%22success%22%7D | 0% | Avira URL Cloud | safe | |
| https://www.zipthisapp.com/assets/css/main.css | 0% | Avira URL Cloud | safe | |
| http://foo/bar/belongings/acceptaffiliate.png | 0% | Avira URL Cloud | safe | |
| http://defaultcontainer/Belongings/inter-bold.ttf | 0% | Avira URL Cloud | safe | |
| http://defaultcontainer/Belongings/inter-regular.ttf | 0% | Avira URL Cloud | safe | |
| https://zipthisapp.com_default | 0% | Avira URL Cloud | safe | |
| http://scripts.sil.org/OFL~z | 0% | Avira URL Cloud | safe | |
| https://www.zipthisapp.com/assets/images/256px.png | 0% | Avira URL Cloud | safe | |
| https://www.zipthisapp.com/success?u=aa4008ff-463e-4ce6-8230-e38f8a67e3cf | 0% | Avira URL Cloud | safe | |
| http://foo/Belongings/wait.png | 0% | Avira URL Cloud | safe | |
| https://td.doubleclick.net1j8665386358 | 0% | Avira URL Cloud | safe | |
| https://www.zipthisapp.com | 0% | Avira URL Cloud | safe | |
| http://foo/bar/belongings/dmsans-medium.ttf | 0% | Avira URL Cloud | safe | |
| https://14918961.fls.doubleclick.net/activityi;src=14918961;type=invmedia;cat=typtd0;ord=1;num=10107 | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| stackpath.bootstrapcdn.com | 104.18.10.207 | true | false | | high |
| jsdelivr.map.fastly.net | 151.101.65.229 | true | false | | high |
| dart.l.doubleclick.net | 142.250.185.230 | true | false | | high |
| can.thisilient.com | 45.33.84.9 | true | false | | high |
| ad.doubleclick.net | 142.250.186.38 | true | false | | high |
| api-advertiser.linkvertise.com | 104.18.1.75 | true | false | | unknown |
| adservice.google.com | 172.217.23.98 | true | false | | high |
| stats.g.doubleclick.net | 74.125.71.156 | true | false | | high |
| analytics-alv.google.com | 216.239.34.181 | true | false | | high |
| code.jquery.com | 151.101.130.137 | true | false | | high |
| googleads.g.doubleclick.net | 142.250.186.66 | true | false | | high |
| cdnjs.cloudflare.com | 104.17.24.14 | true | false | | high |
| sts.thisilient.com | 45.33.84.9 | true | false | | unknown |
| www.zipthisapp.com | 104.18.2.200 | true | false | | high |
| www.google.com | 142.250.185.196 | true | false | | high |
| td.doubleclick.net | 142.250.185.226 | true | false | | high |
| tzpdld.com | 5.161.105.73 | true | false | | high |
| apb.thisilient.com | 45.33.84.9 | true | false | | high |
| bq.zipthisapp.com | 104.18.2.200 | true | false | | high |
| cdn.jsdelivr.net | unknown | unknown | false | | high |
| 14918961.fls.doubleclick.net | unknown | unknown | false | | high |
| analytics.google.com | unknown | unknown | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
| https://bq.zipthisapp.com/report?event_name=thankyou-report&dataSet=report&platform=pc&infoJson=%7B%22suid%22%3A%22aa4008ff-463e-4ce6-8230-e38f8a67e3cf%22%2C%22cid%22%3A%22%22%2C%22utm_source%22%3A%22%22%2C%22_gcl_au%22%3A%221.1.1994571191.1736189525%22%2C%22_ga%22%3A%22GA1.1.1855466587.1736189527%22%2C%22_ga_3D171KFV2T%22%3A%22GS1.1.1736189526.1.0.1736189526.60.0.0%22%2C%22uuid%22%3A%222c53b67d-13cc-4a8b-8975-567a274dd0eb-c%22%2C%22u%22%3A%22aa4008ff-463e-4ce6-8230-e38f8a67e3cf%22%2C%22language%22%3A%22en-US%22%2C%22visit_num%22%3A%222c53b67d-13cc-4a8b-8975-567a274dd0eb-c%22%2C%22application%22%3A%221704805639094716%22%2C%22user_agent%22%3A%22mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64)%20applewebkit%2F537.36%20(khtml%2C%20like%20gecko)%20chrome%2F117.0.0.0%20safari%2F537.36%22%2C%22lp_id%22%3A%22success%22%7D | false | Avira URL Cloud: safe | unknown |
| https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js | false | | high |
| https://www.zipthisapp.com/assets/css/main.css | false | Avira URL Cloud: safe | unknown |
| https://www.zipthisapp.com/assets/images/256px.png | false | Avira URL Cloud: safe | unknown |
| https://www.zipthisapp.com/success?u=aa4008ff-463e-4ce6-8230-e38f8a67e3cf | false | Avira URL Cloud: safe | unknown |

| Name | Source | Malicious | Antivirus Detection | Reputation |
                                                                                                                              https://anglebug.com/7369chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000003.00000002.1280693882.0000028B83E87000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://anglebug.com/7489chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://duckduckgo.com/?q=chrome.exe, 0000000C.00000003.1406636149.000027A800C20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000003.00000002.1280693882.0000028B83E87000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://www.zipthisapp.com/legal?ZipThis.exefalse
                                                                                                                                          high
                                                                                                                                          https://chrome.google.com/webstorechrome.exe, 0000000C.00000003.1464013454.000027A800488000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://dl.google.com/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/chrome.exe, 0000000C.00000003.2037753571.000027A802FD6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://www.colophon-foundry.orgZipThis.exe, 00000000.00000002.1525429968.00000271FE6B2000.00000004.00000800.00020000.00000000.sdmp, ZipThisApp.exe, 00000012.00000002.2213250780.00000212740B7000.00000004.00000020.00020000.00000000.sdmp, ZipThisApp.exe, 00000012.00000002.2215601515.0000021276CC2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/previewchrome.exe, 0000000C.00000003.1450337770.000027A801490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://zipthisapp.com_defaultchrome.exe, 0000000C.00000003.1472480387.000027A801E0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  unknown
                                                                                                                                                  https://contoso.com/Iconpowershell.exe, 00000003.00000002.1305107541.0000028B93CD4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://scripts.sil.org/OFL~zZipThisApp.exe, 00000012.00000002.2213250780.00000212740B7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    unknown
                                                                                                                                                    https://issuetracker.google.com/161903006chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://foo/Belongings/wait.pngZipThis.exe, 00000000.00000002.1482554123.0000027180448000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      unknown
                                                                                                                                                      https://github.com/Pester/Pesterpowershell.exe, 00000003.00000002.1280693882.0000028B83E87000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://duckduckgo.com/favicon.icochrome.exe, 0000000C.00000003.1407423087.000027A800C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1463915111.000027A800C21000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1440010677.000027A800C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1765283078.000027A800C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1472350239.000027A800C21000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1607242456.000027A800C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1406636149.000027A800C20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://dl.google.com/release2/chrome_component/ads7ltfl2gw6hxwgakn3sxrkoijq_9.53.0/chrome.exe, 0000000C.00000003.2037753571.000027A802FD6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://anglebug.com/3078chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://anglebug.com/7553chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://anglebug.com/5375chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://anglebug.com/5371chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://anglebug.com/4722chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000003.00000002.1280693882.0000028B83E87000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://anglebug.com/7556chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://www.youtube.com/?feature=ytcaoglchrome.exe, 0000000C.00000003.1463915111.000027A800C21000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1440010677.000027A800C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1765283078.000027A800C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1472350239.000027A800C21000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1607242456.000027A800C1C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://google-ohttp-relay-join.fastly-edge.com/#chrome.exe, 0000000C.00000003.1440220849.000027A8018D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://14918961.fls.doubleclick.net/activityi;src=14918961;type=invmedia;cat=typtd0;ord=1;num=10107chrome.exe, 0000000C.00000003.1482052278.000027A80039C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                                              unknown
                                                                                                                                                                              https://publickeyservice.pa.gcp.privacysandboxservices.comchrome.exe, 0000000C.00000003.1433962288.000027A801308000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://www.indiantypefoundry.comZipThis.exe, 00000000.00000002.1525429968.00000271FE6B2000.00000004.00000800.00020000.00000000.sdmp, ZipThisApp.exe, 00000012.00000002.2215601515.0000021276CC2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://anglebug.com/6692chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://issuetracker.google.com/258207403chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://anglebug.com/3502chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://anglebug.com/3623chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://anglebug.com/3625chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://anglebug.com/3624chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://docs.google.com/presentation/Jchrome.exe, 0000000C.00000003.1396549220.000027A80061C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1764514818.000027A800FD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1460064287.000027A800FCA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://dl.google.com/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/chrome.exe, 0000000C.00000003.2037753571.000027A802FD6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://anglebug.com/5007chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://drive.google.com/drive/installwebapp?usp=chrome_defaultchrome.exe, 0000000C.00000003.1396549220.000027A80061C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://td.doubleclick.net1j8665386358chrome.exe, 0000000C.00000003.1472480387.000027A801E0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      http://anglebug.com/3862chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://www.zipthisapp.com/policyZipThis.exe, 00000000.00000002.1482554123.0000027180001000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://chrome.google.com/webstoreLDDiscoverchrome.exe, 0000000C.00000003.1407367333.000027A800CDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1406410541.000027A800CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1406316251.000027A800CDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1464071047.000027A801DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1464252876.000027A800CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1407765816.000027A800CEF000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1407765816.000027A800CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1464013454.000027A800488000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            http://anglebug.com/4836chrome.exe, 0000000C.00000003.1401151341.000027A8003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405633277.000027A8007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://issuetracker.google.com/issues/166475273chrome.exe, 0000000C.00000003.1405505306.000027A8003D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                http://foo/bar/belongings/dmsans-medium.ttfZipThisApp.exe, 00000012.00000002.2192225044.000002125B453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                      IP
                                                                                                                                                                                                                      192.168.2.16
                                                                                                                                                                                                                      192.168.2.4
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1584939
Start date and time: 2025-01-06 19:51:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 15m 41s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 23
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: ZipThis.exe
Detection: MAL
Classification: mal42.winEXE@37/34@44/20
EGA Information:
• Successful, ratio: 40%
HCA Information: Failed
                                                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                                                                                                      • Max analysis timeout: 600s exceeded, the analysis took too long
                                                                                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 172.217.18.3, 108.177.15.84, 142.250.186.174, 142.250.186.42, 142.250.185.238, 216.58.206.67, 142.250.185.168, 142.250.185.142, 172.217.23.110, 142.250.186.98, 172.217.18.8, 142.250.186.46, 142.250.185.78, 142.250.186.74, 142.250.185.106, 142.250.186.106, 142.250.184.202, 172.217.18.106, 142.250.181.234, 142.250.186.170, 142.250.185.138, 142.250.185.170, 142.250.185.234, 216.58.206.42, 142.250.185.202, 142.250.74.202, 142.250.186.138, 172.217.18.10, 142.251.32.110, 74.125.0.102, 142.250.186.131, 142.250.186.110, 4.175.87.197, 23.56.254.164, 20.42.65.84
                                                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): clients1.google.com, fonts.googleapis.com, fs.microsoft.com, www.googleadservices.com, accounts.google.com, slscr.update.microsoft.com, fonts.gstatic.com, self.events.data.microsoft.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, www.googletagmanager.com, update.googleapis.com, r1.sn-t0aekn7e.gvt1.com, clients.l.google.com, r1---sn-t0aekn7e.gvt1.com, www.google-analytics.com, optimizationguide-pa.googleapis.com
                                                                                                                                                                                                                      • Execution Graph export aborted for target Updater.exe, PID 4044 because it is empty
                                                                                                                                                                                                                      • Execution Graph export aborted for target ZipThis.exe, PID 6532 because it is empty
                                                                                                                                                                                                                      • Execution Graph export aborted for target ZipThisApp.exe, PID 5136 because it is empty
                                                                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                      • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                      • VT rate limit hit for: ZipThis.exe
Time | Type | Description
13:51:37 | API Interceptor | 132x Sleep call for process: ZipThis.exe modified
13:51:45 | API Interceptor | 30x Sleep call for process: powershell.exe modified
13:52:05 | API Interceptor | 25316713x Sleep call for process: ZipThisApp.exe modified
13:52:46 | API Interceptor | 52x Sleep call for process: Updater.exe modified
                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                      Remittance details.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 151.101.192.176
                                                                                                                                                                                                                      https://z97f4f2525fyg27.webflow.io/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                      • 151.101.2.137
                                                                                                                                                                                                                      Remittance details.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 151.101.64.176
                                                                                                                                                                                                                      https://u1427642.ct.sendgrid.net/ss/c/u001.FNsPiHUBxMFL4Ws_sT4ClbcHyliF9aYYaCWsJtTBDNtLQl9ZlDrQgriglBxgGE9RruWvR9yDlYrq9sYDXn9m2QBHZNBT8lOXoCfvqrsEWDs/4cw/m3JxW_wISSqopMaBzhDAkg/h0/h001.ecTtgKjf7ojZqznHApcdI1yRZPedj7DDFJ38_Fw-Xx8Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 151.101.2.137
                                                                                                                                                                                                                      http://phothockey.chGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                                                                                      • 151.101.65.108
                                                                                                                                                                                                                      http://globconnex.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 151.101.130.137
                                                                                                                                                                                                                      UpdaterTool.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 185.199.108.153
                                                                                                                                                                                                                      CLOUDFLARENETUShttps://sign.zoho.com/zsguest?locale=en&sign_id=234b4d535f4956235d3ed2bb80da1204238e412cdfe561cf1e7cff409a79a97da8a2d431ccef9065ebae57f03416d61f0971abb897fde199a21f0da5d9085251df31eb6747d99920190103a51a045e3e309308fa5f3a1ca3&action_type=SIGNGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                      • 104.17.25.14
                                                                                                                                                                                                                      https://scales.mn/file/one-drv11.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 104.17.25.14
                                                                                                                                                                                                                      http://click.pstmrk.itGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 1.1.1.1
                                                                                                                                                                                                                      http://t.me/hhackplusGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 1.1.1.1
                                                                                                                                                                                                                      Drivespan.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 104.20.3.235
                                                                                                                                                                                                                      https://www.figma.com/design/Sw6t5vElBVmnrFNiteka8B/Untitled-(Copy)?node-id=0-1&p=f&t=x9aFU3FgLH1rkKBK-0Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 172.66.0.227
                                                                                                                                                                                                                      https://linkedln.contact/ugtxCQqLJUk?in/fuat-kirikci22-46d64297c/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 104.18.9.247
                                                                                                                                                                                                                      http://joeschmidtmusic.netGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 1.1.1.1
                                                                                                                                                                                                                      https://linkedln.contact/ugtxCQqLJUk?in/fuat-kirikci22-46d64297c/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 104.18.9.247
                                                                                                                                                                                                                      https://url9577.spatialobjects.com/ls/click?upn=u001.4ivVkFS2-2B4Sp-2Bivia16FvZ0teKfwckAWDUNO-2FsqtRchREXEyTglUEhVzVLlqiPt6oyeeJPuBMPPn-2FAJy8GEEGQs1-2BYVSMuO8RcYEmOVkcjI-3DnYq7_5kJ5LjeESMs3fQdMgHqyuvFFc7nFcZjYyI3vr6BFlw-2BbBsOMKGykWhuto9VBBSTEAWm9RK1szoMJSY3w0qEGh2haan1Og8NtlsLY75H85AELmELLmWbs81ikIO79Vk-2BAlUDIKzd2g1S8a2OhhfsFXuY6OMfebPMC6myP97HBZna1K6-2Bf-2BMbrfkWXlYPN21iZCikY-2Fj1mWRtbJrLJTAOgMXiWNk9cXQxyzwLnkUSS-2BNxcVuCkqDWejp6A-2FGSU05Z-2F9a1Dpa0znzETm-2Be8z9Abw3rZWiLfMFYofxE0t9vgWDzkWRWL6PmrMBcXk8MmBC1ALYIO7SJA6ICZQww3qf73KQ-3D-3DGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 104.18.40.68
                                                                                                                                                                                                                      HETZNER-ASDEhttps://tfeweb.co.uk/signoffGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 144.76.9.200
                                                                                                                                                                                                                      rHP_SCAN_DOCUME.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                      • 136.243.225.5
                                                                                                                                                                                                                      https://sendbot.me/mousse-w0fysl7Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 88.198.57.50
                                                                                                                                                                                                                      http://www.housepricesintheuk.co.ukGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 178.63.241.79
                                                                                                                                                                                                                      getscreen-524501439-x86.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 78.47.165.25
                                                                                                                                                                                                                      getscreen-524501439-x86.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 78.47.165.25
                                                                                                                                                                                                                      getscreen-524501439.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 5.75.168.191
                                                                                                                                                                                                                      getscreen-524501439.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 78.47.165.25
                                                                                                                                                                                                                      ny9LDJr6pA.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                                                                      • 195.201.57.90
                                                                                                                                                                                                                      2.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 213.133.114.151
                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                      3b5074b1b5d032e5620f69f9f700ff0edocument pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                      • 45.33.84.9
                                                                                                                                                                                                                      • 5.161.105.73
                                                                                                                                                                                                                      https://sendbot.me/mousse-w0fysl7Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 45.33.84.9
                                                                                                                                                                                                                      • 5.161.105.73
                                                                                                                                                                                                                      fiyati_teklif 615TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                      • 45.33.84.9
                                                                                                                                                                                                                      • 5.161.105.73
                                                                                                                                                                                                                      anrek.mp4.htaGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                      • 45.33.84.9
                                                                                                                                                                                                                      • 5.161.105.73
                                                                                                                                                                                                                      title.mp4.htaGet hashmaliciousLummaC, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                      • 45.33.84.9
                                                                                                                                                                                                                      • 5.161.105.73
                                                                                                                                                                                                                      Agent381.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 45.33.84.9
                                                                                                                                                                                                                      • 5.161.105.73
                                                                                                                                                                                                                      Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 45.33.84.9
                                                                                                                                                                                                                      • 5.161.105.73
                                                                                                                                                                                                                      Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 45.33.84.9
                                                                                                                                                                                                                      • 5.161.105.73
                                                                                                                                                                                                                      yxU3AgeVTi.exeGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                      • 45.33.84.9
                                                                                                                                                                                                                      • 5.161.105.73
                                                                                                                                                                                                                      ITT # KRPBV2663 .docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                      • 45.33.84.9
                                                                                                                                                                                                                      • 5.161.105.73
Match:C:\Users\user\AppData\Local\ZipThis\concrt140.dll
Associated Sample Name / URL:https://developers.yubico.com/yubikey-manager-qt/Releases/yubikey-manager-qt-1.2.6-win64.exe
Detection:malicious
Threat Name:Unknown
                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                        Size (bytes):21252
                                                                                                                                                                                                                        Entropy (8bit):5.474963092370903
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:682r6bVswpl6XxqahaHUnBCeyzmYD7S17LUEGUJ7ecx8mFI+T:krFwqXxqahB0NOLUvcO7E
                                                                                                                                                                                                                        MD5:81D7D66371F661D1C6CDE3E744013099
                                                                                                                                                                                                                        SHA1:C9274FC7A8490A6E3C6502646E3B0E4498ADB07C
                                                                                                                                                                                                                        SHA-256:C267BBFD685665926F9BB2E7508E6E8CCE856CED0FEC963DC2D4C3AF5090A62A
                                                                                                                                                                                                                        SHA-512:EF4D7F06DAFA3B2D8E2F4D58D9B4B26B2195FE35E4B2210AA020F63BAA4CE20CFA9D414D89EC9C85BACB278A272E7C401FAF3E7DB43ABA64162A91D353FCB162
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:@...e...........x....................................@..........H...............o..b~.D.poM...J..... .Microsoft.PowerShell.ConsoleHostD...............4..7..D.#V.............System.Management.Automation0.................Vn.F..kLsw..........System..4...............<."..Ke@...j..........System.Core.L.................*gQ?O.....x5.l.....#.Microsoft.Management.Infrastructure.4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.@................z.U..G...5.f.1........System.DirectoryServices<................t.,.lG....M...........System.Management...<...............i..VdqF...|...........System.Configuration4...............&.QiA0aN.:... .G........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Commands.Utility...D....................+.H..!...e........System.Configuration.Ins
                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):60
                                                                                                                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):60
                                                                                                                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        File Type:MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):118095
                                                                                                                                                                                                                        Entropy (8bit):4.895798727315238
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:UVyXlBP3FxjC+jZhtWbT8rQafTSMdp5SHOOOOOqMNT:UwBP3j7tYT3gp5YOOOOOqU
                                                                                                                                                                                                                        MD5:445F0C73332D5E55BD49681AD990527F
                                                                                                                                                                                                                        SHA1:5055352F2B851C78705A63D401D08D8095E91A0C
                                                                                                                                                                                                                        SHA-256:AA354C95608D65898F835859327344D7B5342CC92AEEDC763D003C982F3AD286
                                                                                                                                                                                                                        SHA-512:C83B3E53A9801EDE38D630408569C94ED2F6E40A2813DCC5FE13C39B4C3B2D132E280F95051B60D5EAA1B39676F6D76EB05802D1BB589A21F3FAB9E531D16869
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):13312
                                                                                                                                                                                                                        Entropy (8bit):5.403648157585069
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:oEok4GeC0GRgPSdKDa6Gw4nTRm3icXWnX:oQ4TC0nPSt6Qn2Gn
                                                                                                                                                                                                                        MD5:8F22D1409CF9222DD8B05EB8E0456050
                                                                                                                                                                                                                        SHA1:EA477598B8F3C69B4E35ED2ABFCBB56EAC4B033F
                                                                                                                                                                                                                        SHA-256:D658EA24EE115D2071DEDFF84383657BB540DC1037E6D0FEE689D2751204D4D7
                                                                                                                                                                                                                        SHA-512:977E161F6C4C70A14450DB1685CDA54C3C529AD58AFD89ED053EF99084EFF97EC3ADF404A3EAB6F605B99C779FDCB89C54BE898F78124CD024D7D895447653D3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20264
                                                                                                                                                                                                                        Entropy (8bit):6.888238560459724
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:wI8dBJ1hzqNXS3SU/OVEQ6n/uo6ki2rcNi1HUi4SJIVE8E9VF0Nypg/k:RUzPC+iKQ5r2AkNl2Evv
                                                                                                                                                                                                                        MD5:C8D7C3648853C541B6AFE9F2F647FEAF
                                                                                                                                                                                                                        SHA1:FDD51E2DCB1A998376E6671983C355B35FA7A7B8
                                                                                                                                                                                                                        SHA-256:F933937BDAF0DB26DEDB3EDD7C214F573D78D1738C69FCF47FC488C9849D99C0
                                                                                                                                                                                                                        SHA-512:30C20F35352710CB5F70D7D0C9E5C728138042AEA53C6D2488EFD1617B3FFD29739E2053935A468C119ED8B86BE44282766B411F0474340B8FF2CB1642A45550
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):94208
                                                                                                                                                                                                                        Entropy (8bit):6.035478330944383
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:7VkAFS8czM27nW44/93BgBigyTYHTHRYA6WKm35GIc0UJtDfJdqIFiW+JXJluDJP:HFHczM27nW1w6sHTHRYA6WKmJGIc0gt1
                                                                                                                                                                                                                        MD5:C355B5CA9F7B07667F96C1E30B9A0894
                                                                                                                                                                                                                        SHA1:91D596E3341723E3EC3A0E58C51E1C885ED60F72
                                                                                                                                                                                                                        SHA-256:27A7BA032F7D6CF787454C2FD036C95D13BE9FB489B26FD9050659AA23498DD6
                                                                                                                                                                                                                        SHA-512:4D0298EFF96CE49F59458649DC0308F7460ADD774CB98EC67B19BE7D1FB07313E212A144AE00C98355F0A304532520937F9C92FC64C17FB6D9D82563FC726BE4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20776
                                                                                                                                                                                                                        Entropy (8bit):6.880048281652988
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:U+uUE99n53Fc4LVlDsQw/uo6ki2rcNi1HUfIXSJIVE8E9VF0Ny+P/s:UH9nysnDs8r2AkNTW2EIXs
                                                                                                                                                                                                                        MD5:8F3972F98564FC9D1E3E5A3840A0DA85
                                                                                                                                                                                                                        SHA1:90E87AF2BDFDF33E49EEA353480CB8DA362C450E
                                                                                                                                                                                                                        SHA-256:CBDFE04B8F754E5E6150936EE604F0A478B79C6D0466EE155775EAD575ADEA90
                                                                                                                                                                                                                        SHA-512:F0909E35E839BC8735D1F3B8C1AE37DC9B78BA9D8278A17F2DD660C1CFC18FA42A95D7A8CB9CBE44E73778440E3BB117C97377933860E68C07723C09B91F6F84
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1047626
                                                                                                                                                                                                                        Entropy (8bit):7.996039331053294
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:+TSTFIIbJPcmfGXXBjEkBKB90FqnLMwBBOxI:+TST6+PcCGXvBa90FwBExI
                                                                                                                                                                                                                        MD5:674D4C37B0C2888A2768CBE7D368C4DB
                                                                                                                                                                                                                        SHA1:CF7B372A79F0441B313980221A92B7E52C1BF565
                                                                                                                                                                                                                        SHA-256:777BCEC19FCEF78FC6E3451139456269FD9FDF10F68FBD8DE5B82AAABF21502E
                                                                                                                                                                                                                        SHA-512:22D44B08277E63C18A37AC3FF095C33250F0789F32D231B30E37F7D2452A1FB8601E7E0646858537AAC8F3C8152CBF51E11D00FE0C474EBD10A1A2E75C230FC0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):512296
                                                                                                                                                                                                                        Entropy (8bit):6.105577244092262
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:iOC9uo2RjEPi/mQ1eEMA4Z/66S/it9aSh:iUBA6QzZAqt3h
                                                                                                                                                                                                                        MD5:9AF46426A5C164310DDD6FB6E77D78C2
                                                                                                                                                                                                                        SHA1:902C1CD86C1E15F96C19C04238296CE3B31C8FEF
                                                                                                                                                                                                                        SHA-256:0BDA8EA6FB5F46F110C18E72BCEF514D5CDF5270F310E7286D3D03A263ED8772
                                                                                                                                                                                                                        SHA-512:1B69C7D5B4286AFEC8906D6B3413287B53655769C6661FA2AEED6DD93A8B948C5BF4A231E43946B78EABBC10F1D6E280A7A7E144AF6F4E6B1F61A854F05AD43F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):322672
                                                                                                                                                                                                                        Entropy (8bit):6.349766501622675
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:wvXgzuCmFn9TG1w91JjqFXAP4X/oT5ObNJnWzgs+VA1b:wauCmbT8w9a/N8zZ1b
                                                                                                                                                                                                                        MD5:9485D003573E0EAF7952AB23CC82EF7B
                                                                                                                                                                                                                        SHA1:75B1DCAFC21DDC7C3877CAEAC06BB04EBF09EA40
                                                                                                                                                                                                                        SHA-256:5E0E8EAC57B86E2DE7CA7D6E8D34DDDEA602CE3660208FB53947A027635D59A1
                                                                                                                                                                                                                        SHA-512:50BFDCC4F889CD40FE1B79BD3B32515C18836BC533D5590C95ECF4AF5041DF61C87DF6AD87EF9323E19771DE00D7D483FECD07FB7674DF380BE8839F6FF3256A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                                                        • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):573008
                                                                                                                                                                                                                        Entropy (8bit):6.5335737504680305
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:mPeu+VwM4PRpJOc8hdGE0bphVSvefIJQEKZm+jWodEEVwDaM:sqwpzSFJQEKZm+jWodEEq9
                                                                                                                                                                                                                        MD5:C3D497B0AFEF4BD7E09C7559E1C75B05
                                                                                                                                                                                                                        SHA1:295998A6455CC230DA9517408F59569EA4ED7B02
                                                                                                                                                                                                                        SHA-256:1E57A6DF9E3742E31A1C6D9BFF81EBEEAE8A7DE3B45A26E5079D5E1CCE54CD98
                                                                                                                                                                                                                        SHA-512:D5C62FDAC7C5EE6B2F84B9BC446D5B10AD1A019E29C653CFDEA4D13D01072FDF8DA6005AD4817044A86BC664D1644B98A86F31C151A3418BE53EB47C1CFAE386
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):35920
                                                                                                                                                                                                                        Entropy (8bit):6.6037218761428065
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:vcSfZMC98zOoKF4tWci5gWLOCSt+e9UR9zsCc525yEFHRN76kUR9zsCcQfq:0SWC+zOjaIcdc9zOggElI9zOp
                                                                                                                                                                                                                        MD5:7B0A25EEE764D8747F02CB3ED980F07A
                                                                                                                                                                                                                        SHA1:9B9C827F8C6E7F497E88B83F0654BDF97C50C50F
                                                                                                                                                                                                                        SHA-256:1274292F4CC655F295272B37E08A9683B8BB8C419B61EA2E1F43EB4D22F02F90
                                                                                                                                                                                                                        SHA-512:3302EE0C62947F3EDDACBED0AE14F531DE24392E2C73B40AB9690E6BE5F869C3B525A27868A4507E7E80EC5DA68B71880731A6B105E16173BAA65C770F2666A7
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):268392
                                                                                                                                                                                                                        Entropy (8bit):6.52441819904249
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:fQlhTFL4EDrHNvteLN3XjlGXMdnrMWQcldb:mBVvaXjl5WWlb
                                                                                                                                                                                                                        MD5:AA0148E20D34C10E01A4A9E1BAB1D058
                                                                                                                                                                                                                        SHA1:D58A5E3D76403EE5A65A07201AA8A2FAD1A173D2
                                                                                                                                                                                                                        SHA-256:583AD842BCF2F77AF57D07B8F00ECA77BB2DF763DF96BB9C50F7E52031B54E42
                                                                                                                                                                                                                        SHA-512:2711A4CA8F387338DC97DA065D75FE602255CF6E0D1F60C3749311E090ABE4EA852E951C3C6E6350B8F742C4B88FACB22AB0959D9047B0507C3BF050782385F4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):50280
                                                                                                                                                                                                                        Entropy (8bit):6.640596639957661
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:ZBRFMT8ZxzboOqnouLvaXeCo4LmxUMey9z5YAqo9z5gG:ZvofLvaXeN4LBMeOzuAqgzh
                                                                                                                                                                                                                        MD5:6722344B74084D0AF629283060716BAE
                                                                                                                                                                                                                        SHA1:36AA8EF02D3A308464C1EE8F75D6D118314202A0
                                                                                                                                                                                                                        SHA-256:C9FD25862B1B8B2977BF188A4E0C4460DADE43C31710283C2B42DBD3B15B4317
                                                                                                                                                                                                                        SHA-512:1F844BFFF36A7EC0CC3A04B5C88248D952C6C38B7048AE92DEA3FFD8670C8B1C412AD44F2501816F6B80BCA9D5BB8A06CD920D4682BB52F08EF66A8A1D826405
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):31856
                                                                                                                                                                                                                        Entropy (8bit):6.7937174645751135
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:r9agvUpWiYEW9xtSt+ebe1nR9zZ1xhkA/NEHRN7jVwR9zk0Qp9:r9tvfvxUc1R9zZfpAy9z5e9
                                                                                                                                                                                                                        MD5:165308EE66D0B8F11CA20F3BCD410EA9
                                                                                                                                                                                                                        SHA1:510969622B7F3C92C152ECFDC5FF08EDEFCB9594
                                                                                                                                                                                                                        SHA-256:08DF3AB1B59D1F7D63F0811838E4FCCC107087FCBC469D94975C0E44477058E7
                                                                                                                                                                                                                        SHA-512:10B98BA3E0C75519E661CF6FAE1797ACEFEA6F5FD48076C3E8C6BA26FE7F3B214BB0AB4F5B74F937D3CE91D65FF2B9ABA1FA584114BE924580283948862D8D78
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):872
                                                                                                                                                                                                                        Entropy (8bit):5.1509638642903175
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24:NXTLrxqg31g8S6k0NstNPGAUs1ksB8OON1tE:NXH9qMabZ02tJGAUsCsWOOP+
                                                                                                                                                                                                                        MD5:0D4C7C2411E1BA411E24DE176494CA90
                                                                                                                                                                                                                        SHA1:3715BB3B5B1525155AFFF7F570C05CF2B0538ACF
                                                                                                                                                                                                                        SHA-256:DC4685144E93384E88D1FC6E6DD66F6C4E703ED9173A98819F2C8BCB28D983FC
                                                                                                                                                                                                                        SHA-512:BA9E7C8AFE9EAD6B3E4FFA36948AADDA281421182A70090B531EFE51F8F0F488AC1370E5007C9C183136FC6B1DB91B39BDFC56C428832A6ABF9DEBBFB84D5F23
                                                                                                                                                                                                                        Malicious:false
Preview:
$currentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$localAppDataPath = [System.Environment]::GetFolderPath('LocalApplicationData')
$relativePath = "ZipThis\Updater.exe"
$fullPath = [System.IO.Path]::Combine($localAppDataPath, $relativePath)
$action = new-ScheduledTaskAction -Execute $fullPath
$trigger = new-ScheduledTaskTrigger -Daily -At ((Get-Date).AddHours(24)) -DaysInterval 1
$principal = New-ScheduledTaskPrincipal -UserId $currentUser -LogonType Interactive
$settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -StartWhenAvailable -RestartCount 2 -RestartInterval (New-TimeSpan -Minutes 10) -RunOnlyIfNetworkAvailable
$task = New-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -Settings $settings
register-ScheduledTask -TaskName "UpdateTaskZT" -InputObject $task
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):412752
                                                                                                                                                                                                                        Entropy (8bit):6.381781875789488
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:5RWVjpZts9k1EBKMft33SNC0sSHTBTjSWqNhycvzZQnj/6qaJzi8e:2PZtSkeBKMft3gC0xnSWkdy8
                                                                                                                                                                                                                        MD5:8441A618D2CEF67BDEDCA224FD61AFA2
                                                                                                                                                                                                                        SHA1:1875E3BC3306F8E3199C38736B9B4F215225220B
                                                                                                                                                                                                                        SHA-256:6CD300E597C477260809C5CA036993D923CD8BE304AE323C9C4D7776115FE62D
                                                                                                                                                                                                                        SHA-512:918D417BE21E837DBB8CFCD93A8EBF908928A87B1252EE330D0666A9EF8EBA0CF7095D5CEE3C85CAD1BD60C04DF73E79D714CBD31F7C37BA6119FB7DB319ADAC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):348784
                                                                                                                                                                                                                        Entropy (8bit):6.047658390955032
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:MY2JXxXk4wV1J2Rv9DwCx1Rp9tuwqmhLhfdP2EcCkiNNWA/LL3OpawO5Qa2rUjLM:ShXrwUv9kCl2+WKf32aHlT9/h/Y
                                                                                                                                                                                                                        MD5:E3E6AA23DF3C78B29B0EE90E2712FC7E
                                                                                                                                                                                                                        SHA1:293E126093740FFA95062532D7512567C9648412
                                                                                                                                                                                                                        SHA-256:233E79C5AB80A2902B79C8B41E741DC06CD4A9FF8BCA99A025FE8077A35BE125
                                                                                                                                                                                                                        SHA-512:1DA327F531EBBF1D66C0AD485D1310FBAD4F7A4CD55C9ECE7901C0321C1ED7D2DE945B3C000E643403947AB69A19E189006CBFF92AA9A71B486FE863D2AEA373
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):196688
                                                                                                                                                                                                                        Entropy (8bit):6.455243093194337
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:OFxwRpcDSgiN1hHxRB+s5zgexVahxUE+30/eRyjyTIZV1YakAU1Bvwp/lC5:K+R5giNjxRhHxV4EseRyjyQIv8/l
                                                                                                                                                                                                                        MD5:EF76327FF132A48F3BAC24598C99B373
                                                                                                                                                                                                                        SHA1:71D2BCA744724AA55C16E74B1ED22B61CCFD8920
                                                                                                                                                                                                                        SHA-256:D49B394DE1154176B39611C37C669EBFF50AA5A818DBD5FF3D2214A299368DDD
                                                                                                                                                                                                                        SHA-512:B3AA61EC77CE171B6A7910F0D973E8393DFC457DB0D5E6035E18EB4CF9D75CA9E4A9FE012E91C2ACF4E9B944535B15CC99AD15A1273E1FDD651FF5406A26CCFA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):119376
                                                                                                                                                                                                                        Entropy (8bit):6.605105564769165
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:BqvQFDdwFBHKaPX8YKpWgeQqbekRG7MP4ddbHecbWcmpCGtodMzDZ92zfa:BqvQFDUXqWn7CkRG7jecbWb9toaera
                                                                                                                                                                                                                        MD5:E9B690FBE5C4B96871214379659DD928
                                                                                                                                                                                                                        SHA1:C199A4BEAC341ABC218257080B741ADA0FADECAF
                                                                                                                                                                                                                        SHA-256:A06C9EA4F815DAC75D2C99684D433FBFC782010FAE887837A03F085A29A217E8
                                                                                                                                                                                                                        SHA-512:00CF9B22AF6EBBC20D1B9C22FC4261394B7D98CCAD4823ABC5CA6FDAC537B43A00DB5B3829C304A85738BE5107927C0761C8276D6CB7F80E90F0A2C991DBCD8C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\ZipThis.exe
File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:dropped
Size (bytes):49744
Entropy (8bit):6.675573056871668
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\ZipThis.exe
File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:dropped
Size (bytes):38512
Entropy (8bit):6.770837685226852
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\ZipThis.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):36
Entropy (8bit):3.474937501201927
Encrypted:false
Malicious:false
Preview:aa4008ff-463e-4ce6-8230-e38f8a67e3cf
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 6 17:52:04 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2673
Entropy (8bit):3.990491039132107
Encrypted:false
Malicious:false
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 6 17:52:04 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2675
Entropy (8bit):4.007163453241934
Encrypted:false
Malicious:false
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2689
Entropy (8bit):4.0152776093446585
Encrypted:false
Malicious:false
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 6 17:52:03 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2677
Entropy (8bit):4.005148769514842
Encrypted:false
Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 6 17:52:04 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):2677
                                                                                                                                                                                                                        Entropy (8bit):3.9938099490413537
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:48:8PdtThL1BH2idAKZdA1dehBiZUk1W1qehEy+C:8THv9ky
                                                                                                                                                                                                                        MD5:9D29D12D1FEDB318F6C0118E4F0B309B
                                                                                                                                                                                                                        SHA1:3F1BA3ABB23EF20437CFAC16B602ECC2CE4C4065
                                                                                                                                                                                                                        SHA-256:8C857691D5F58652B3DA6F1F8F2525E6E973033F2E85030037780027D1A09981
                                                                                                                                                                                                                        SHA-512:202048BE2E66ED665B821B0C336BB4A930319D5130383A009EA465501D122FF50088E2004561C9DA9BD03FB61F683390C51B30F50EB334E0837C70AA6104E1AF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:L..................F.@.. ...$+.,........l`..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I&Zh.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V&Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V&Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V&Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V&Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........6........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 6 17:52:03 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):2679
                                                                                                                                                                                                                        Entropy (8bit):4.0006157853781135
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:48:8bdtThL1BH2idAKZdA1duTeehOuTbbiZUk5OjqehOuTbqy+yT+:8vHTTfTbxWOvTbqy7T
                                                                                                                                                                                                                        MD5:35E6705F20496C5FA354366AA891570A
                                                                                                                                                                                                                        SHA1:51E2718B0CFCF05E82E84F9D0B45B64F141FCD20
                                                                                                                                                                                                                        SHA-256:213500CEFAA78135BBA8FB177B765B88D27385E0608958E5784D94C618A92913
                                                                                                                                                                                                                        SHA-512:9A47A15CB88D9A112A61BFB42FDE2EFFCC8B770B63237AA982000876113758EDC7852F1EBD8FB55AED7845E7B9B86786DF10EDB6893458D5E348AE302640CB12
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:L..................F.@.. ...$+.,....c...l`..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I&Zh.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V&Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V&Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V&Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V&Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........6........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):36
                                                                                                                                                                                                                        Entropy (8bit):3.474937501201927
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:tz3Nts7AgEf1:p37sE91
                                                                                                                                                                                                                        MD5:913926B64AD8C09D0C6BA0A1311274B7
                                                                                                                                                                                                                        SHA1:656EA393F571100E2AA2BE1C4C4B411D480AD66A
                                                                                                                                                                                                                        SHA-256:98DA046DD93A5EE867A67912503F93A5C1D5B1E19F0675C02BF14B099B4AC159
                                                                                                                                                                                                                        SHA-512:25423B27F8A59B8D4DA3F23A8139A4A174634CD86C60E07559E8C980516C0417871F95BCEDA9976AED7014D681F8DB9DF315F05D65089B95A6E0F10576D94D5A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:aa4008ff-463e-4ce6-8230-e38f8a67e3cf
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Mon Jan 6 17:51:54 2025, mtime=Mon Jan 6 17:51:54 2025, atime=Mon Jan 6 17:51:54 2025, length=512296, window=hide
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):2013
                                                                                                                                                                                                                        Entropy (8bit):3.785544989893268
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24:84TaBOAz8HNtetRy3toQQAyfrSYaE7MH3NkiO4ZgYq7MH3NHEvqygm:8ZO88HjetRcWAyTSYaEwNkiZvqwNvyg
                                                                                                                                                                                                                        MD5:F8784A83A258DD946935BB03820F1574
                                                                                                                                                                                                                        SHA1:1758871F15EC45DD31C3FC2E04FF68D20E7F89BF
                                                                                                                                                                                                                        SHA-256:83B54F0A8C7CD5DD257F583A8898B14E2C8B169BF9D1427A57160D5A3D5C362A
                                                                                                                                                                                                                        SHA-512:D80C0A2CF92C106E35288C49101AFEFC490739F579B74482340F9C99C6271E5322062757E64375965A6EFF7FCB1ED208B34FB0252470B8E874C921632A74EE8C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:L..................F.@.. .......l`......l`......l`..(.........................:..DG..Yr?.D..U..k0.&...&.........{4.......k`...i..l`......t...CFSF..1.....FW.H..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......FW.H&Zh...............................A.p.p.D.a.t.a...B.P.1.....&Zs...Local.<......FW.H&Zs...........................D]`.L.o.c.a.l.....V.1.....&Zv...ZipThis.@......&Zs.&Zv...........................$9,.Z.i.p.T.h.i.s.....j.2.(...&Z|. .ZIPTHI~1.EXE..N......&Z|.&Z|..........................u&..Z.i.p.T.h.i.s.A.p.p...e.x.e.......a...............-.......`...........6........C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe....Z.i.p.T.h.i.s.A.p.p.'.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.Z.i.p.T.h.i.s.\.Z.i.p.T.h.i.s.A.p.p...e.x.e.A.C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.Z.i.p.T.h.i.s.\.B.a.s.e.V.4...B.e.l.o.n.g.i.n.g.s...f.a.v.i.c.o.n...i.c.o.........%USERPROFILE%\AppData\Local\ZipThis\BaseV4.Belongings.favicon.ico........................................................
                                                                                                                                                                                                                        File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Entropy (8bit):7.182451876726584
                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                        • Win64 Executable GUI Net Framework (217006/5) 49.88%
                                                                                                                                                                                                                        • Win64 Executable GUI (202006/5) 46.43%
                                                                                                                                                                                                                        • Win64 Executable (generic) (12005/4) 2.76%
                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.46%
                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.46%
                                                                                                                                                                                                                        File name:ZipThis.exe
                                                                                                                                                                                                                        File size:2'820'904 bytes
                                                                                                                                                                                                                        MD5:22a6cb7348b496600e7151a8112cbac9
                                                                                                                                                                                                                        SHA1:f0cd50658868a3d347beff6977a54520c19ab640
                                                                                                                                                                                                                        SHA256:bf2f238d09ac55e7baf3d73c80c82d3df935daa6b94adf67a299ad3665e879e2
                                                                                                                                                                                                                        SHA512:c56cfc209f93873fd147e00bd515f1ff0463063ffa7a91c00f7c0d939fc19eefac6df700914363d630ba575e21d7c4aeb0cbc33deef38387c7e94f580d4ceaf0
                                                                                                                                                                                                                        SSDEEP:49152:He3Za5f/udkuhTST6+PcCGXvBa90FwBExhHgZze:mY3cw2+kCGXm0FwOVOze
                                                                                                                                                                                                                        TLSH:0ED5ADC2A351C24BC506197582B2C363A226AF5C7E13BE37667736F99C4B5A40E363F4
                                                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....G..........."...0...).............. .....@..... ....................... +.....Y.+...`...@......@............... .....
                                                                                                                                                                                                                        Icon Hash:1364e4e4e4e46817
                                                                                                                                                                                                                        Entrypoint:0x140000000
                                                                                                                                                                                                                        Entrypoint Section:
                                                                                                                                                                                                                        Digitally signed:true
                                                                                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                        Time Stamp:0xBF47FCA7 [Fri Sep 11 02:59:51 2071 UTC]
                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                        OS Version Major:4
                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                        File Version Major:4
                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                        Subsystem Version Major:4
                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                        Import Hash:
                                                                                                                                                                                                                        Signature Valid:true
                                                                                                                                                                                                                        Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                                                                                                                                                                                        Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                        Error Number:0
                                                                                                                                                                                                                        Not Before, Not After
                                                                                                                                                                                                                        • 21/02/2024 13:51:07 21/02/2025 13:51:07
                                                                                                                                                                                                                        Subject Chain
                                                                                                                                                                                                                        • E=contactus@lightnertok.com, CN=LIGHTNER TOK LTD, O=LIGHTNER TOK LTD, L=Tel Aviv-Jaffa, S=Tel Aviv, C=IL, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=516201944, OID.2.5.4.15=Private Organization
                                                                                                                                                                                                                        Version:3
                                                                                                                                                                                                                        Thumbprint MD5:CEC13869EA7B5624B992C775556F2F58
                                                                                                                                                                                                                        Thumbprint SHA-1:B0F054A3A02999D47B5FADE5C33FA9C9FE1B951F
                                                                                                                                                                                                                        Thumbprint SHA-256:661CCA115D81F163E9E7C33A3D60D2BFC02F95829864B132267E130EDA8DAE07
                                                                                                                                                                                                                        Serial:4469809AA0E206829C99CD18
                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                        dec ebp
                                                                                                                                                                                                                        pop edx
                                                                                                                                                                                                                        nop
                                                                                                                                                                                                                        add byte ptr [ebx], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax+eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x294000 | 0x1d584 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2adc00 | 0x2f28 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2922a4 | 0x1c | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2000 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x2902c0 | 0x290400 | 380e6a4c9b8a10139f93c67c76d7a804 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x294000 | 0x1d584 | 0x1d600 | ca7c8a85dbd39bfd8848ee09820b1354 | False | 0.2474650930851064 | data | 4.9262202797788746 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x2941a0 | 0x47e1 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9756534970925493
RT_ICON | 0x298994 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m | | | 0.09379805986040458
RT_ICON | 0x2a91cc | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m | | | 0.1300188946622579
RT_ICON | 0x2ad404 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m | | | 0.15425311203319503
RT_ICON | 0x2af9bc | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m | | | 0.20098499061913697
RT_ICON | 0x2b0a74 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m | | | 0.24822695035460993
RT_GROUP_ICON | 0x2b0eec | 0x5a | data | | | 0.7666666666666667
RT_VERSION | 0x2b0f58 | 0x370 | data | | | 0.4318181818181818
RT_MANIFEST | 0x2b12d8 | 0x2a5 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5199409158050221
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.247076988 CET44358010104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.247518063 CET58010443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.247543097 CET44358010104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.248655081 CET44358010104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.248723984 CET58010443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.249161005 CET58010443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.249229908 CET44358010104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.303081036 CET58010443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.303102016 CET44358010104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.314260960 CET44358007104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.314306021 CET44358007104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.314333916 CET44358007104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.314371109 CET58007443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.314393044 CET44358007104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.314420938 CET44358007104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.314445972 CET58007443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.314479113 CET58007443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.315525055 CET58007443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.315540075 CET44358007104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.329226971 CET58011443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.329252005 CET44358011104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.329318047 CET58011443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.329858065 CET58010443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.330121994 CET58011443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.330137014 CET44358011104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.335629940 CET58012443192.168.2.16104.17.24.14
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.335659981 CET44358012104.17.24.14192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.335742950 CET58012443192.168.2.16104.17.24.14
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.337357044 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.337414026 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.337527990 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.337620020 CET58012443192.168.2.16104.17.24.14
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.337635040 CET44358012104.17.24.14192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.337977886 CET58014443192.168.2.16151.101.130.137
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.337985992 CET44358014151.101.130.137192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.338156939 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.338171005 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.338201046 CET58014443192.168.2.16151.101.130.137
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.338385105 CET58014443192.168.2.16151.101.130.137
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.338390112 CET44358014151.101.130.137192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.375334978 CET44358010104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.535536051 CET44358010104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.535571098 CET44358010104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.535594940 CET44358010104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.535619974 CET44358010104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.535653114 CET58010443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.535677910 CET44358010104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.535691023 CET58010443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.536144972 CET44358010104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.536176920 CET44358010104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.536192894 CET58010443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.536200047 CET44358010104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.536241055 CET58010443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.536246061 CET44358010104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.536273003 CET44358010104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.536319017 CET58010443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.536346912 CET58010443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.536360025 CET44358010104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.797492027 CET44358014151.101.130.137192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.797743082 CET58014443192.168.2.16151.101.130.137
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.797780037 CET44358014151.101.130.137192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.798903942 CET44358014151.101.130.137192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.798959017 CET58014443192.168.2.16151.101.130.137
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.800012112 CET58014443192.168.2.16151.101.130.137
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.800086021 CET44358014151.101.130.137192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.800189018 CET58014443192.168.2.16151.101.130.137
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.800196886 CET44358014151.101.130.137192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.804841042 CET44358011104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.805124044 CET58011443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.805136919 CET44358011104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.805506945 CET44358011104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.805805922 CET58011443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.805871010 CET44358011104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.805917025 CET58011443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.815184116 CET44358012104.17.24.14192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.815383911 CET58012443192.168.2.16104.17.24.14
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.815397024 CET44358012104.17.24.14192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.816436052 CET44358012104.17.24.14192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.816499949 CET58012443192.168.2.16104.17.24.14
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.817423105 CET58012443192.168.2.16104.17.24.14
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.817500114 CET44358012104.17.24.14192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.817564011 CET58012443192.168.2.16104.17.24.14
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.826149940 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.826359987 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.826380014 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.827557087 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.827609062 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.828378916 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.828444004 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.828504086 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.847316980 CET58014443192.168.2.16151.101.130.137
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.847477913 CET58011443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.847497940 CET44358011104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.859335899 CET44358012104.17.24.14192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.863090038 CET58012443192.168.2.16104.17.24.14
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.863097906 CET44358012104.17.24.14192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.875334978 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.879072905 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.073343039 CET44358014151.101.130.137192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.073376894 CET44358014151.101.130.137192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.073394060 CET44358014151.101.130.137192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.073402882 CET44358014151.101.130.137192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.073422909 CET58014443192.168.2.16151.101.130.137
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.073436975 CET44358014151.101.130.137192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.073455095 CET58014443192.168.2.16151.101.130.137
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.073460102 CET44358014151.101.130.137192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.073481083 CET58014443192.168.2.16151.101.130.137
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.073887110 CET44358014151.101.130.137192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.073940992 CET58014443192.168.2.16151.101.130.137
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.073946953 CET44358014151.101.130.137192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.073960066 CET44358014151.101.130.137192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.073991060 CET58014443192.168.2.16151.101.130.137
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.074013948 CET58014443192.168.2.16151.101.130.137
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.074079990 CET58014443192.168.2.16151.101.130.137
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.074090004 CET44358014151.101.130.137192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.076908112 CET58017443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.076936960 CET44358017104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.076997042 CET58017443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.077224970 CET58017443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.077234030 CET44358017104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.107398987 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.107434034 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.107470989 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.107490063 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.107858896 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.158989906 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.159123898 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.159190893 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.159225941 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.159282923 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.159306049 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.159317970 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.159322023 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.159364939 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.159406900 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.159490108 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.159985065 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.160037041 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.160242081 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.160298109 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.160650969 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.160705090 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.160773039 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.160836935 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.160888910 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.160924911 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.161648989 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.161704063 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.161737919 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.161783934 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.161874056 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.161926031 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.162580013 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.162632942 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.199804068 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.199873924 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.251368046 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.251431942 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.251434088 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.251442909 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.251478910 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.251605034 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.251650095 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.251769066 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.251812935 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.251883030 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.251929045 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.252413988 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.252460957 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.252558947 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.252610922 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.252641916 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.252695084 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.252837896 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.252887011 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.253258944 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.253324032 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.253350973 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.253393888 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.253547907 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.253577948 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.253592968 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.253597975 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.253611088 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.254125118 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.254152060 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.254194975 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.254201889 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.254213095 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.254257917 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.254383087 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.254390955 CET44358013104.18.10.207192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.254407883 CET58013443192.168.2.16104.18.10.207
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.465473890 CET58018443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.465512037 CET44358018104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:05.079615116 CET44358018104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:05.079651117 CET44358018104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:05.079663992 CET58018443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:05.079689026 CET44358018104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:05.079739094 CET44358018104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:05.079745054 CET58018443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:05.079752922 CET44358018104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:05.079797983 CET58018443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:05.079804897 CET44358018104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:05.079935074 CET44358018104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:05.079981089 CET58018443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:05.096381903 CET58018443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:05.096405983 CET44358018104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.420901060 CET58021443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.420945883 CET4435802145.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.421016932 CET58021443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.421431065 CET58021443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.421446085 CET4435802145.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.561841011 CET58022443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.561901093 CET4435802245.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.561990976 CET58022443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.566977978 CET58022443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.567001104 CET4435802245.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.605700016 CET58025443192.168.2.16142.250.185.196
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.605743885 CET44358025142.250.185.196192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.605797052 CET58025443192.168.2.16142.250.185.196
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.605971098 CET58025443192.168.2.16142.250.185.196
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.605986118 CET44358025142.250.185.196192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.793534994 CET58027443192.168.2.16104.18.1.75
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.793581009 CET44358027104.18.1.75192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.793646097 CET58027443192.168.2.16104.18.1.75
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.793845892 CET58027443192.168.2.16104.18.1.75
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.793859005 CET44358027104.18.1.75192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.897178888 CET4435802145.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.897265911 CET58021443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.899281979 CET58021443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.899300098 CET4435802145.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.899637938 CET4435802145.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.900726080 CET58021443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.947339058 CET4435802145.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.045803070 CET4435802145.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.046180010 CET58021443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.046206951 CET4435802145.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.059775114 CET4435802245.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.059886932 CET58022443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.061685085 CET58022443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.061691046 CET4435802245.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.061973095 CET4435802245.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.105462074 CET58022443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.151323080 CET4435802245.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.231956959 CET4435802245.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.234422922 CET58022443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.234432936 CET4435802245.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.239057064 CET44358025142.250.185.196192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.239310980 CET58025443192.168.2.16142.250.185.196
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.239346027 CET44358025142.250.185.196192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.240402937 CET44358025142.250.185.196192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.240461111 CET58025443192.168.2.16142.250.185.196
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.280649900 CET44358027104.18.1.75192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.280884981 CET58027443192.168.2.16104.18.1.75
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.280910015 CET44358027104.18.1.75192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.281980991 CET44358027104.18.1.75192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.282047987 CET58027443192.168.2.16104.18.1.75
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.342308998 CET4435802145.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.342957020 CET4435802145.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.343049049 CET58021443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.343486071 CET58021443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.503644943 CET4435802245.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.504020929 CET4435802245.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.507668018 CET58022443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.528572083 CET58022443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:07.617093086 CET49678443192.168.2.1620.189.173.10
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.018230915 CET58030443192.168.2.16142.250.186.66
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.018239975 CET44358030142.250.186.66192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.018291950 CET58030443192.168.2.16142.250.186.66
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.019059896 CET58030443192.168.2.16142.250.186.66
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.019071102 CET44358030142.250.186.66192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.084836960 CET58031443192.168.2.16216.239.34.181
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.084880114 CET44358031216.239.34.181192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.084953070 CET58031443192.168.2.16216.239.34.181
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.085151911 CET58031443192.168.2.16216.239.34.181
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.085170984 CET44358031216.239.34.181192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.085443974 CET58032443192.168.2.1674.125.71.156
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.085490942 CET4435803274.125.71.156192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.085586071 CET58032443192.168.2.1674.125.71.156
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.085769892 CET58032443192.168.2.1674.125.71.156
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.085784912 CET4435803274.125.71.156192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.133429050 CET58033443192.168.2.16216.239.34.181
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.133533001 CET44358033216.239.34.181192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.133642912 CET58033443192.168.2.16216.239.34.181
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.133945942 CET58033443192.168.2.16216.239.34.181
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.133981943 CET44358033216.239.34.181192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.202977896 CET58035443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.203012943 CET44358035142.250.185.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.203088045 CET58035443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.203361988 CET58035443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.203377008 CET44358035142.250.185.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.875235081 CET44358037142.250.185.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.875317097 CET58037443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.876410007 CET58037443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.876482964 CET44358037142.250.185.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.876558065 CET58037443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.876566887 CET44358037142.250.185.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.891124010 CET58035443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.891136885 CET44358035142.250.185.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.907124996 CET58036443192.168.2.16142.250.186.38
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.923126936 CET58037443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.926901102 CET44358027104.18.1.75192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.927002907 CET44358027104.18.1.75192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.927081108 CET58027443192.168.2.16104.18.1.75
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.927696943 CET58027443192.168.2.16104.18.1.75
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.927712917 CET44358027104.18.1.75192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.928956032 CET44358038142.250.185.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.929199934 CET58038443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.929225922 CET44358038142.250.185.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.930233955 CET44358038142.250.185.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.930314064 CET58038443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.930593967 CET58038443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.930661917 CET44358038142.250.185.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.930732012 CET58038443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.939120054 CET58035443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.941467047 CET44358030142.250.186.66192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.941505909 CET44358030142.250.186.66192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.941531897 CET44358030142.250.186.66192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.941556931 CET44358030142.250.186.66192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.941562891 CET58030443192.168.2.16142.250.186.66
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.941585064 CET44358030142.250.186.66192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.941598892 CET58030443192.168.2.16142.250.186.66
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.941704035 CET44358030142.250.186.66192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.941751003 CET58030443192.168.2.16142.250.186.66
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.942374945 CET58030443192.168.2.16142.250.186.66
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.942389965 CET44358030142.250.186.66192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.942403078 CET58030443192.168.2.16142.250.186.66
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.942435980 CET58030443192.168.2.16142.250.186.66
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.944945097 CET58044443192.168.2.16142.250.185.196
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.944988012 CET44358044142.250.185.196192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.945127964 CET58044443192.168.2.16142.250.185.196
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.945395947 CET58044443192.168.2.16142.250.185.196
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.945408106 CET44358044142.250.185.196192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.971124887 CET58038443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.971148968 CET44358038142.250.185.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.971756935 CET44358039142.250.185.230192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.971983910 CET58039443192.168.2.16142.250.185.230
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.972002983 CET44358039142.250.185.230192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.973054886 CET44358039142.250.185.230192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.973113060 CET58039443192.168.2.16142.250.185.230
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.997296095 CET58039443192.168.2.16142.250.185.230
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.997433901 CET44358039142.250.185.230192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.997787952 CET4435803274.125.71.156192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.997819901 CET58039443192.168.2.16142.250.185.230
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.997833967 CET44358039142.250.185.230192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.997859955 CET4435803274.125.71.156192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.998058081 CET58032443192.168.2.1674.125.71.156
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.998218060 CET58032443192.168.2.1674.125.71.156
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.998234034 CET4435803274.125.71.156192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.998244047 CET58032443192.168.2.1674.125.71.156
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.998326063 CET58032443192.168.2.1674.125.71.156
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.019134998 CET58038443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.022408009 CET44358040142.250.185.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.022640944 CET58040443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.022658110 CET44358040142.250.185.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.023704052 CET44358040142.250.185.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.023770094 CET58040443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.024034977 CET58040443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.024091005 CET44358040142.250.185.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.024158955 CET58040443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.051130056 CET58039443192.168.2.16142.250.185.230
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.054838896 CET44358041172.217.16.196192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.055066109 CET58041443192.168.2.16172.217.16.196
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.055075884 CET44358041172.217.16.196192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.056143999 CET44358041172.217.16.196192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.056209087 CET58041443192.168.2.16172.217.16.196
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.056485891 CET58041443192.168.2.16172.217.16.196
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.056549072 CET44358041172.217.16.196192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.059391022 CET44358035142.250.185.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.059524059 CET44358035142.250.185.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.059592962 CET58035443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.060060978 CET58035443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.060071945 CET44358035142.250.185.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.067107916 CET58040443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.067116976 CET44358040142.250.185.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.099098921 CET58041443192.168.2.16172.217.16.196
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.099112988 CET44358041172.217.16.196192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.115123987 CET58040443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.146121979 CET58041443192.168.2.16172.217.16.196
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.162620068 CET44358037142.250.185.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.162753105 CET44358037142.250.185.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.162805080 CET58037443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.163897991 CET58037443192.168.2.16142.250.185.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.163918018 CET44358037142.250.185.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.168953896 CET44358036142.250.186.38192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.169018030 CET44358036142.250.186.38192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.169038057 CET58036443192.168.2.16142.250.186.38
                                                                                                                                                                                                                        Jan 6, 2025 19:52:09.169090986 CET58036443192.168.2.16142.250.186.38
                                                                                                                                                                                                                        Jan 6, 2025 19:52:11.604161024 CET44358051104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:11.604228973 CET58051443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:11.605433941 CET58051443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:11.605498075 CET44358051104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:11.605586052 CET58051443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:11.605592966 CET44358051104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:11.615341902 CET44358050104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:11.648158073 CET58051443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:11.719108105 CET44358050104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:11.719213963 CET44358050104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:11.719449997 CET58050443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:11.719866037 CET58050443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:11.719882965 CET44358050104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:12.030174971 CET44358051104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:12.030242920 CET44358051104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:12.030298948 CET58051443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:12.031074047 CET58051443192.168.2.16104.18.2.200
                                                                                                                                                                                                                        Jan 6, 2025 19:52:12.031095028 CET44358051104.18.2.200192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:12.078136921 CET4968080192.168.2.16192.229.211.108
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.143491983 CET58052443192.168.2.16216.239.34.181
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.143537998 CET44358052216.239.34.181192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.143596888 CET58052443192.168.2.16216.239.34.181
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.143815041 CET58052443192.168.2.16216.239.34.181
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.143829107 CET44358052216.239.34.181192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.147283077 CET5798480192.168.2.16104.18.21.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.147284031 CET5798580192.168.2.16192.229.211.108
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.154092073 CET8057984104.18.21.226192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.154103994 CET8057985192.229.211.108192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.154145002 CET5798480192.168.2.16104.18.21.226
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.154164076 CET5798580192.168.2.16192.229.211.108
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.633246899 CET44358052216.239.34.181192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.633524895 CET58052443192.168.2.16216.239.34.181
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.633544922 CET44358052216.239.34.181192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.633910894 CET44358052216.239.34.181192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.634284973 CET58052443192.168.2.16216.239.34.181
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.634354115 CET44358052216.239.34.181192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.634449005 CET58052443192.168.2.16216.239.34.181
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.679325104 CET44358052216.239.34.181192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.752552032 CET44358052216.239.34.181192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.752774954 CET44358052216.239.34.181192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.752844095 CET58052443192.168.2.16216.239.34.181
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.753220081 CET58052443192.168.2.16216.239.34.181
                                                                                                                                                                                                                        Jan 6, 2025 19:52:13.753233910 CET44358052216.239.34.181192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:18.959738016 CET44358041172.217.16.196192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:18.959801912 CET44358041172.217.16.196192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:18.959862947 CET58041443192.168.2.16172.217.16.196
                                                                                                                                                                                                                        Jan 6, 2025 19:52:19.397528887 CET58041443192.168.2.16172.217.16.196
                                                                                                                                                                                                                        Jan 6, 2025 19:52:19.397553921 CET44358041172.217.16.196192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:21.731079102 CET5805853192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:52:21.736355066 CET53580581.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:21.736458063 CET5805853192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:52:21.736531019 CET5805853192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:52:21.736531019 CET5805853192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:52:21.741372108 CET53580581.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:21.741386890 CET53580581.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:22.196988106 CET53580581.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:22.197623014 CET5805853192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:52:22.202617884 CET53580581.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:22.202711105 CET5805853192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:52:24.329451084 CET5799280192.168.2.16199.232.210.172
                                                                                                                                                                                                                        Jan 6, 2025 19:52:24.329586983 CET5799380192.168.2.16199.232.210.172
                                                                                                                                                                                                                        Jan 6, 2025 19:52:24.334424019 CET8057992199.232.210.172192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:24.334487915 CET5799280192.168.2.16199.232.210.172
                                                                                                                                                                                                                        Jan 6, 2025 19:52:24.334690094 CET8057993199.232.210.172192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:24.334736109 CET5799380192.168.2.16199.232.210.172
                                                                                                                                                                                                                        Jan 6, 2025 19:52:38.280597925 CET58063443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:38.280652046 CET4435806345.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:38.280725956 CET58063443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:38.285959959 CET58063443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:38.285976887 CET4435806345.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:38.772695065 CET4435806345.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:38.772802114 CET58063443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:38.774877071 CET58063443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:38.774888039 CET4435806345.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:38.775147915 CET4435806345.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:38.824263096 CET58063443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:38.833008051 CET58063443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:38.879337072 CET4435806345.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:38.940417051 CET4435806345.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:38.943025112 CET58063443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:38.943042994 CET4435806345.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:39.257033110 CET4435806345.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:39.258008957 CET4435806345.33.84.9192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:39.258095026 CET58063443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:39.261235952 CET58063443192.168.2.1645.33.84.9
                                                                                                                                                                                                                        Jan 6, 2025 19:52:47.294020891 CET58064443192.168.2.165.161.105.73
                                                                                                                                                                                                                        Jan 6, 2025 19:52:47.294043064 CET443580645.161.105.73192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:47.294121027 CET58064443192.168.2.165.161.105.73
                                                                                                                                                                                                                        Jan 6, 2025 19:52:47.298212051 CET58064443192.168.2.165.161.105.73
                                                                                                                                                                                                                        Jan 6, 2025 19:52:47.298224926 CET443580645.161.105.73192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:47.804980993 CET443580645.161.105.73192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:47.806976080 CET58064443192.168.2.165.161.105.73
                                                                                                                                                                                                                        Jan 6, 2025 19:52:47.806976080 CET58064443192.168.2.165.161.105.73
                                                                                                                                                                                                                        Jan 6, 2025 19:52:47.806992054 CET443580645.161.105.73192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:47.807241917 CET443580645.161.105.73192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:47.849373102 CET58064443192.168.2.165.161.105.73
                                                                                                                                                                                                                        Jan 6, 2025 19:52:47.864825964 CET58064443192.168.2.165.161.105.73
                                                                                                                                                                                                                        Jan 6, 2025 19:52:47.907325029 CET443580645.161.105.73192.168.2.16
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.084755898 CET53558511.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.085119963 CET53580031.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.195462942 CET5010653192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.195642948 CET5559453192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.199170113 CET5601053192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.199332952 CET6475953192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.202338934 CET53555941.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.202409983 CET53501061.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.206211090 CET53647591.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.206547976 CET53560101.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.304972887 CET6183253192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.305284977 CET5646253192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.305658102 CET5268353192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.305839062 CET6325253192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.311628103 CET53618321.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.311943054 CET53564621.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.317610979 CET53632521.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.338912964 CET53526831.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.792917967 CET53642301.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:10.157917023 CET5847153192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:52:10.158080101 CET5232553192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:52:10.164598942 CET53584711.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:10.165570974 CET53523251.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:11.102379084 CET6314653192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:52:11.102643013 CET6471253192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:52:11.113255024 CET53647121.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:11.114948034 CET53631461.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:18.477843046 CET53511991.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:18.709935904 CET5812053192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:52:18.754113913 CET53581201.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:20.716973066 CET53652731.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:21.730509043 CET53629581.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:37.723900080 CET5402653192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:52:37.737976074 CET53540261.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:52:44.831073046 CET138138192.168.2.16192.168.2.255
                                                                                                                                                                                                                        Jan 6, 2025 19:52:47.268531084 CET5784053192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:52:47.289302111 CET53578401.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:53:02.432369947 CET53655211.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:53:15.437357903 CET5197153192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:53:15.461843967 CET53519711.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:53:32.660739899 CET5608453192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:53:32.683145046 CET53560841.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:53:50.505328894 CET6274053192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:53:50.528511047 CET53627401.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:54:36.338692904 CET5648453192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:54:36.377571106 CET53564841.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:54:57.389684916 CET6382153192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:54:57.407059908 CET53638211.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:55:51.553958893 CET6016253192.168.2.161.1.1.1
                                                                                                                                                                                                                        Jan 6, 2025 19:55:51.567553043 CET53601621.1.1.1192.168.2.16
                                                                                                                                                                                                                        Jan 6, 2025 19:56:42.729665041 CET138138192.168.2.16192.168.2.255
                                                                                                                                                                                                                        Jan 6, 2025 19:57:50.817012072 CET53566731.1.1.1192.168.2.16
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                        Jan 6, 2025 19:51:39.000138044 CET1.1.1.1192.168.2.160x86feNo error (0)apb.thisilient.com45.33.84.9A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:00.502157927 CET1.1.1.1192.168.2.160x21e5No error (0)sts.thisilient.com45.33.84.9A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:02.452028036 CET1.1.1.1192.168.2.160x14deNo error (0)www.zipthisapp.com104.18.2.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:02.452028036 CET1.1.1.1192.168.2.160x14deNo error (0)www.zipthisapp.com104.18.3.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:02.600616932 CET1.1.1.1192.168.2.160x6bf9No error (0)www.zipthisapp.com65IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.334491014 CET1.1.1.1192.168.2.160xade1No error (0)cdnjs.cloudflare.com104.17.24.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.334491014 CET1.1.1.1192.168.2.160xade1No error (0)cdnjs.cloudflare.com104.17.25.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.334824085 CET1.1.1.1192.168.2.160x9cfdNo error (0)cdnjs.cloudflare.com65IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.335104942 CET1.1.1.1192.168.2.160xef2bNo error (0)stackpath.bootstrapcdn.com104.18.10.207A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.335104942 CET1.1.1.1192.168.2.160xef2bNo error (0)stackpath.bootstrapcdn.com104.18.11.207A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.335408926 CET1.1.1.1192.168.2.160xdfeaNo error (0)stackpath.bootstrapcdn.com65IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.337404966 CET1.1.1.1192.168.2.160x18caNo error (0)code.jquery.com151.101.130.137A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.337404966 CET1.1.1.1192.168.2.160x18caNo error (0)code.jquery.com151.101.2.137A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.337404966 CET1.1.1.1192.168.2.160x18caNo error (0)code.jquery.com151.101.194.137A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:03.337404966 CET1.1.1.1192.168.2.160x18caNo error (0)code.jquery.com151.101.66.137A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.051632881 CET1.1.1.1192.168.2.160x9cbbNo error (0)cdn.jsdelivr.netjsdelivr.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.051632881 CET1.1.1.1192.168.2.160x9cbbNo error (0)jsdelivr.map.fastly.net151.101.65.229A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.051632881 CET1.1.1.1192.168.2.160x9cbbNo error (0)jsdelivr.map.fastly.net151.101.129.229A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.051632881 CET1.1.1.1192.168.2.160x9cbbNo error (0)jsdelivr.map.fastly.net151.101.193.229A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.051632881 CET1.1.1.1192.168.2.160x9cbbNo error (0)jsdelivr.map.fastly.net151.101.1.229A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:04.051645994 CET1.1.1.1192.168.2.160xb7b7No error (0)cdn.jsdelivr.netcdn.jsdelivr.net.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.420068026 CET1.1.1.1192.168.2.160x8060No error (0)can.thisilient.com45.33.84.9A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.605170012 CET1.1.1.1192.168.2.160x1130No error (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.605199099 CET1.1.1.1192.168.2.160xa147No error (0)www.google.com142.250.185.196A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.792268991 CET1.1.1.1192.168.2.160x18e7No error (0)api-advertiser.linkvertise.com104.18.1.75A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.792268991 CET1.1.1.1192.168.2.160x18e7No error (0)api-advertiser.linkvertise.com104.18.0.75A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:06.792591095 CET1.1.1.1192.168.2.160xd353No error (0)api-advertiser.linkvertise.com65IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.016438961 CET1.1.1.1192.168.2.160x8385No error (0)googleads.g.doubleclick.net142.250.186.66A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.016681910 CET1.1.1.1192.168.2.160x524dNo error (0)googleads.g.doubleclick.net65IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.084245920 CET1.1.1.1192.168.2.160xd697No error (0)analytics.google.comanalytics-alv.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.084245920 CET1.1.1.1192.168.2.160xd697No error (0)analytics-alv.google.com216.239.34.181A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.084245920 CET1.1.1.1192.168.2.160xd697No error (0)analytics-alv.google.com216.239.38.181A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.084245920 CET1.1.1.1192.168.2.160xd697No error (0)analytics-alv.google.com216.239.32.181A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.084245920 CET1.1.1.1192.168.2.160xd697No error (0)analytics-alv.google.com216.239.36.181A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.084755898 CET1.1.1.1192.168.2.160x6360No error (0)stats.g.doubleclick.net74.125.71.156A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.084755898 CET1.1.1.1192.168.2.160x6360No error (0)stats.g.doubleclick.net74.125.71.155A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.084755898 CET1.1.1.1192.168.2.160x6360No error (0)stats.g.doubleclick.net74.125.71.154A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.084755898 CET1.1.1.1192.168.2.160x6360No error (0)stats.g.doubleclick.net74.125.71.157A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.202409983 CET1.1.1.1192.168.2.160x4bdcNo error (0)td.doubleclick.net142.250.185.226A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.206211090 CET1.1.1.1192.168.2.160x3e58No error (0)ad.doubleclick.net65IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.206547976 CET1.1.1.1192.168.2.160x81f0No error (0)ad.doubleclick.net142.250.186.38A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.311628103 CET1.1.1.1192.168.2.160x993aNo error (0)www.google.com172.217.16.196A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.311943054 CET1.1.1.1192.168.2.160x591No error (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.317610979 CET1.1.1.1192.168.2.160xacdfNo error (0)14918961.fls.doubleclick.netdart.l.doubleclick.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.338912964 CET1.1.1.1192.168.2.160xa4bNo error (0)14918961.fls.doubleclick.netdart.l.doubleclick.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:08.338912964 CET1.1.1.1192.168.2.160xa4bNo error (0)dart.l.doubleclick.net142.250.185.230A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:10.164598942 CET1.1.1.1192.168.2.160x2174No error (0)adservice.google.com172.217.23.98A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:10.165570974 CET1.1.1.1192.168.2.160xfecbNo error (0)adservice.google.com65IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:11.113255024 CET1.1.1.1192.168.2.160xa34eNo error (0)bq.zipthisapp.com65IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:11.114948034 CET1.1.1.1192.168.2.160xb458No error (0)bq.zipthisapp.com104.18.2.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:11.114948034 CET1.1.1.1192.168.2.160xb458No error (0)bq.zipthisapp.com104.18.3.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:18.754113913 CET1.1.1.1192.168.2.160x58f5No error (0)can.thisilient.com45.33.84.9A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:37.737976074 CET1.1.1.1192.168.2.160xaa10No error (0)can.thisilient.com45.33.84.9A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:52:47.289302111 CET1.1.1.1192.168.2.160x49a1No error (0)tzpdld.com5.161.105.73A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:53:15.461843967 CET1.1.1.1192.168.2.160x82b2No error (0)tzpdld.com5.161.105.73A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:53:32.683145046 CET1.1.1.1192.168.2.160x236aNo error (0)can.thisilient.com45.33.84.9A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:53:50.528511047 CET1.1.1.1192.168.2.160xb21aNo error (0)can.thisilient.com45.33.84.9A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:54:36.377571106 CET1.1.1.1192.168.2.160x1ee2No error (0)can.thisilient.com45.33.84.9A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:54:57.407059908 CET1.1.1.1192.168.2.160x9df1No error (0)can.thisilient.com45.33.84.9A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Jan 6, 2025 19:55:51.567553043 CET1.1.1.1192.168.2.160xdc13No error (0)can.thisilient.com45.33.84.9A (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.16 | 57997 | 45.33.84.9 | 443 | 6532 | C:\Users\user\Desktop\ZipThis.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:51:39 UTC | 154 | OUT | POST /v6 HTTP/1.1
Content-Type: text/plain; charset=utf-8
Host: apb.thisilient.com
Content-Length: 88
Expect: 100-continue
Connection: Keep-Alive
2025-01-06 18:51:39 UTC | 25 | IN | HTTP/1.1 100 Continue
2025-01-06 18:51:39 UTC | 88 | OUT | Data Raw: 48 56 5a 59 42 77 51 4a 44 67 49 45 53 41 51 41 42 31 63 66 55 67 4a 56 42 52 70 63 41 31 56 53 54 41 41 41 41 41 4d 4f 41 6c 49 46 55 67 70 51 55 68 59 48 55 31 4a 52 43 41 59 42 42 41 46 66 55 51 6b 48 41 46 55 48 53 56 4e 53 56 77 51 4e 56 41 39 53 56 67 41 3d
Data Ascii: HVZYBwQJDgIESAQAB1cfUgJVBRpcA1VSTAAAAAMOAlIFUgpQUhYHU1JRCAYBBAFfUQkHAFUHSVNSVwQNVA9SVgA=
2025-01-06 18:51:39 UTC | 192 | IN | HTTP/1.1 200 OK
Content-Type: application/json;charset=ISO-8859-1
Date: Mon, 06 Jan 2025 18:51:39 GMT
Server: Nginx
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2025-01-06 18:51:39 UTC | 514 | IN | Data: chunk of size 1fb (hex) carrying an encoded response body
                                                                                                                                                                                                                        2025-01-06 18:51:39 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        1 | 192.168.2.16 | 57998 | 45.33.84.9 | 443 | 6532 | C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2025-01-06 18:51:42 UTC | 130 | OUT | POST /v6 HTTP/1.1
                                                                                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                        Host: apb.thisilient.com
                                                                                                                                                                                                                        Content-Length: 88
                                                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                                                        2025-01-06 18:51:43 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                                                                        2025-01-06 18:51:43 UTC | 88 | OUT
                                                                                                                                                                                                                        Data Ascii: HVZYBwQJDgIESAQAB1cfUgJVBRpcA1VSTAAAAAMOAlIFUgpQUhYHU1JRCAYBBAFfUQkHAFUHSVBRVgUKUwFRUQI=
                                                                                                                                                                                                                        2025-01-06 18:51:43 UTC | 192 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Content-Type: application/json;charset=ISO-8859-1
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:51:43 GMT
                                                                                                                                                                                                                        Server: Nginx
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                        2025-01-06 18:51:43 UTC | 514 | IN
                                                                                                                                                                                                                        2025-01-06 18:51:43 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        2 | 192.168.2.16 | 58005 | 45.33.84.9 | 443 | 6532 | C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2025-01-06 18:52:00 UTC | 96 | OUT | GET /st HTTP/1.1
                                                                                                                                                                                                                        X-Event-Type: conversion
                                                                                                                                                                                                                        Host: sts.thisilient.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        2025-01-06 18:52:01 UTC | 169 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                        Content-Length: 2
                                                                                                                                                                                                                        Content-Type: application/json;charset=ISO-8859-1
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:01 GMT
                                                                                                                                                                                                                        Server: Nginx
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        2025-01-06 18:52:01 UTC | 2 | IN | Data Raw: 7b 7d
                                                                                                                                                                                                                        Data Ascii: {}


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        3 | 192.168.2.16 | 58007 | 104.18.2.200 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2025-01-06 18:52:03 UTC | 707 | OUT | GET /success?u=aa4008ff-463e-4ce6-8230-e38f8a67e3cf HTTP/1.1
                                                                                                                                                                                                                        Host: www.zipthisapp.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                        Sec-Fetch-User: ?1
                                                                                                                                                                                                                        Sec-Fetch-Dest: document
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2025-01-06 18:52:03 UTC | 507 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:03 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Last-Modified: Wed, 25 Dec 2024 12:09:11 GMT
                                                                                                                                                                                                                        x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                        x-amz-version-id: Ze2mUolnIS59hapooJE2ZPBH_a3ow7Y.
                                                                                                                                                                                                                        X-Cache: MISS from ip-10-14-10-135.ec2.internal
                                                                                                                                                                                                                        X-Cache-Lookup: MISS from ip-10-14-10-135.ec2.internal:80
                                                                                                                                                                                                                        Cache-Control: public, max-age=900
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        CF-RAY: 8fdde727c9c242d8-EWR
                                                                                                                                                                                                                        2025-01-06 18:52:03 UTC | 862 | IN
                                                                                                                                                                                                                        Data Ascii: f98<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Zip This - Successfully Updated</title> ... Link Favicon --> <link rel="icon" href="asse
                                                                                                                                                                                                                        2025-01-06 18:52:03 UTC | 1369 | IN
                                                                                                                                                                                                                        Data Ascii: t(s), dl = l != 'dataLayer' ? '&l=' + l : ''; j.async = true; j.src = 'https://www.googletagmanager.com/gtm.js?id=' + i + dl; f.parentNode.insertBefore(j, f); })(window, document, 'script', 'dataLayer', 'GTM-WDH55T65');</script> ...
                                                                                                                                                                                                                        2025-01-06 18:52:03 UTC | 1369 | IN
                                                                                                                                                                                                                        Data Ascii: <div class="col-lg-4"> <div class="blocks-card-wrapper px-4 py-1 mx-5"> <div class="mt-4">02</div> <h4 class="pt-1">Launch Our App</h4> <p>Double
                                                                                                                                                                                                                        2025-01-06 18:52:03 UTC | 399 | IN
                                                                                                                                                                                                                        Data Ascii: .1.slim.min.js"></script> <script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.5.2/dist/umd/popper.min.js"></script> <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script> <script src="assets/scrip
                                                                                                                                                                                                                        2025-01-06 18:52:03 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        4 | 192.168.2.16 | 58010 | 104.18.2.200 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2025-01-06 18:52:03 UTC | 600 | OUT | GET /assets/css/main.css HTTP/1.1
                                                                                                                                                                                                                        Host: www.zipthisapp.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                        Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: style
                                                                                                                                                                                                                        Referer: https://www.zipthisapp.com/success?u=aa4008ff-463e-4ce6-8230-e38f8a67e3cf
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2025-01-06 18:52:03 UTC | 550 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:03 GMT
                                                                                                                                                                                                                        Content-Type: text/css
                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Last-Modified: Wed, 25 Dec 2024 12:09:11 GMT
                                                                                                                                                                                                                        x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                        x-amz-version-id: 53ZBbG7_.0VZe2lf5tEW1IEaNhr168sf
                                                                                                                                                                                                                        X-Cache: HIT from ip-10-14-10-135.ec2.internal
                                                                                                                                                                                                                        X-Cache-Lookup: HIT from ip-10-14-10-135.ec2.internal:80
                                                                                                                                                                                                                        Cache-Control: public, max-age=14400
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        CF-Cache-Status: REVALIDATED
                                                                                                                                                                                                                        Expires: Mon, 06 Jan 2025 22:52:03 GMT
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        CF-RAY: 8fdde7292c7d72c2-EWR


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.16 | 58014 | 151.101.130.137 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:03 UTC | 541 | OUT | GET /jquery-3.5.1.slim.min.js HTTP/1.1
                                                                                                                                                                                                                        Host: code.jquery.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: script
                                                                                                                                                                                                                        Referer: https://www.zipthisapp.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2025-01-06 18:52:03 UTC | 611 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Content-Length: 72380
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Content-Type: application/javascript; charset=utf-8
                                                                                                                                                                                                                        Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
                                                                                                                                                                                                                        ETag: "28feccc0-11abc"
                                                                                                                                                                                                                        Cache-Control: public, max-age=31536000, stale-while-revalidate=604800
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                        Via: 1.1 varnish, 1.1 varnish
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        Age: 543742
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:03 GMT
                                                                                                                                                                                                                        X-Served-By: cache-lga21954-LGA, cache-ewr-kewr1740028-EWR
                                                                                                                                                                                                                        X-Cache: HIT, HIT
                                                                                                                                                                                                                        X-Cache-Hits: 464, 0
                                                                                                                                                                                                                        X-Timer: S1736189524.852593,VS0,VE1
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Data Ascii: ption selected=''></option></select>",e.querySelectorAll("[msallowcapture^='']").length&&v.push("[*^$]="+R+"*(?:''|\"\")"),e.querySelectorAll("[selected]").length||v.push("\\["+R+"*(?:value|"+I+")"),e.querySelectorAll("[id~="+A+"-]").length||v.push("~="),
                                                                                                                                                                                                                        2025-01-06 18:52:03 UTC1378INData Raw: 2c 74 3d 4a 2e 74 65 73 74 28 61 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 29 2c 79 3d 74 7c 7c 4a 2e 74 65 73 74 28 61 2e 63 6f 6e 74 61 69 6e 73 29 3f 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 39 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 3f 65 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3a 65 2c 72 3d 74 26 26 74 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 65 3d 3d 3d 72 7c 7c 21 28 21 72 7c 7c 31 21 3d 3d 72 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 28 6e 2e 63 6f 6e 74 61 69 6e 73 3f 6e 2e 63 6f 6e 74 61 69 6e 73 28 72 29 3a 65 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 26 26 31 36 26 65 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 72 29
                                                                                                                                                                                                                        Data Ascii: ,t=J.test(a.compareDocumentPosition),y=t||J.test(a.contains)?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.16 | 58011 | 104.18.2.200 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:03 UTC | 650 | OUT | GET /assets/images/256px.png HTTP/1.1
Host: www.zipthisapp.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.zipthisapp.com/success?u=aa4008ff-463e-4ce6-8230-e38f8a67e3cf
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2025-01-06 18:52:04 UTC | 545 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 18:52:03 GMT
Content-Type: image/png
Content-Length: 1838
Connection: close
Last-Modified: Wed, 25 Dec 2024 12:09:11 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: AhPsssZ_Aa.VDhoRWTBPm15x.JmjLp53
X-Cache: MISS from ip-10-14-30-120.ec2.internal
X-Cache-Lookup: HIT from ip-10-14-30-120.ec2.internal:80
Cache-Control: public, max-age=14400
CF-Cache-Status: REVALIDATED
Expires: Mon, 06 Jan 2025 22:52:03 GMT
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 8fdde72c6c7ac440-EWR


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.16 | 58012 | 104.17.24.14 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:03 UTC | 579 | OUT | GET /ajax/libs/normalize/8.0.1/normalize.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: text/css,*/*;q=0.1
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: style
Referer: https://www.zipthisapp.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2025-01-06 18:52:03 UTC | 943 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 18:52:03 GMT
Content-Type: text/css; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=30672000
ETag: W/"5eb03f2b-745"
Last-Modified: Mon, 04 May 2020 16:13:31 GMT
cf-cdnjs-via: cfworker/kv
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Age: 986006
Expires: Sat, 27 Dec 2025 18:52:03 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jkfpd29FNchPYzr6O%2Fksva1CVm5elsOhQkUbn%2Brc6x4eNGdfpkZ7ksiBT3EmhC98iPDjqTXiWE21m1JFkwBYW0xGN1w4oTnqwOj5Ob6hVJ4qEJUkPmcm5NmUzLyaki6jj%2BkIlmhZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=15780000
Server: cloudflare
CF-RAY: 8fdde72c4ffa430e-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.16 | 58013 | 104.18.10.207 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:03 UTC | 579 | OUT | GET /bootstrap/4.5.2/css/bootstrap.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: text/css,*/*;q=0.1
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: style
                                                                                                                                                                                                                        Referer: https://www.zipthisapp.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2025-01-06 18:52:03 UTC | 952 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:03 GMT
                                                                                                                                                                                                                        Content-Type: text/css; charset=utf-8
                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        CDN-PullZone: 252412
                                                                                                                                                                                                                        CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
                                                                                                                                                                                                                        CDN-RequestCountryCode: US
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Cache-Control: public, max-age=31919000
                                                                                                                                                                                                                        ETag: W/"816af0eddd3b4822c2756227c7e7b7ee"
                                                                                                                                                                                                                        Last-Modified: Mon, 25 Jan 2021 22:04:11 GMT
                                                                                                                                                                                                                        CDN-ProxyVer: 1.06
                                                                                                                                                                                                                        CDN-RequestPullSuccess: True
                                                                                                                                                                                                                        CDN-RequestPullCode: 200
                                                                                                                                                                                                                        CDN-CachedAt: 11/22/2024 23:02:21
                                                                                                                                                                                                                        CDN-EdgeStorageId: 1067
                                                                                                                                                                                                                        timing-allow-origin: *
                                                                                                                                                                                                                        cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        CDN-Status: 200
                                                                                                                                                                                                                        CDN-RequestTime: 0
                                                                                                                                                                                                                        CDN-RequestId: 8338118a232be829937a6300edbdeedc
                                                                                                                                                                                                                        CDN-Cache: HIT
                                                                                                                                                                                                                        CF-Cache-Status: HIT
                                                                                                                                                                                                                        Age: 715037
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        CF-RAY: 8fdde72c7b137d24-EWR
                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.16 | 58016 | 151.101.65.229 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:04 UTC | 565 | OUT | GET /npm/@popperjs/core@2.5.2/dist/umd/popper.min.js HTTP/1.1
                                                                                                                                                                                                                        Host: cdn.jsdelivr.net
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: script
                                                                                                                                                                                                                        Referer: https://www.zipthisapp.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2025-01-06 18:52:04 UTC | 776 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Content-Length: 18309
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Expose-Headers: *
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Cache-Control: public, max-age=31536000, s-maxage=31536000, immutable
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                        Content-Type: application/javascript; charset=utf-8
                                                                                                                                                                                                                        X-JSD-Version: 2.5.2
                                                                                                                                                                                                                        X-JSD-Version-Type: version
                                                                                                                                                                                                                        ETag: W/"4785-1nNOLfRgVlbAQdjbsczfWaJjx/0"
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        Age: 2314154
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:04 GMT
                                                                                                                                                                                                                        X-Served-By: cache-fra-eddf8230131-FRA, cache-ewr-kewr1740070-EWR
                                                                                                                                                                                                                        X-Cache: HIT, MISS
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.16 | 58017 | 104.18.10.207 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp: 2025-01-06 18:52:04 UTC | Bytes transferred: 563 | Direction: OUT | Data:
GET /bootstrap/4.5.2/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.zipthisapp.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Timestamp: 2025-01-06 18:52:04 UTC | Bytes transferred: 966 | Direction: IN | Data:
HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 18:52:04 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: close
CDN-PullZone: 252412
CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
CDN-RequestCountryCode: US
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31919000
ETag: W/"02d223393e00c273efdcb1ade8f4f8b1"
Last-Modified: Mon, 25 Jan 2021 22:04:11 GMT
CDN-ProxyVer: 1.07
CDN-RequestPullSuccess: True
CDN-RequestPullCode: 200
CDN-CachedAt: 12/15/2024 14:03:42
CDN-EdgeStorageId: 1236
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
CDN-Status: 200
CDN-RequestTime: 0
CDN-RequestId: c7d60c73de883c2c6db07ae1bfdc8432
CDN-Cache: HIT
CF-Cache-Status: HIT
Age: 894615
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 8fdde7321cd48ca5-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.16 | 58018 | 104.18.2.200 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:04 UTC | 583 | OUT | GET /assets/script.js HTTP/1.1
Host: www.zipthisapp.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.zipthisapp.com/success?u=aa4008ff-463e-4ce6-8230-e38f8a67e3cf
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2025-01-06 18:52:05 UTC | 556 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 18:52:05 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: close
Last-Modified: Wed, 25 Dec 2024 12:09:11 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 2jSi9_7UagMCkGAFP5Crm7AqWqQZ2OzG
X-Cache: HIT from ip-10-14-10-135.ec2.internal
X-Cache-Lookup: HIT from ip-10-14-10-135.ec2.internal:80
Cache-Control: public, max-age=14400
Vary: Accept-Encoding
CF-Cache-Status: HIT
Expires: Mon, 06 Jan 2025 22:52:05 GMT
Server: cloudflare
CF-RAY: 8fdde73349b47cf6-EWR
2025-01-06 18:52:05 UTC | 813 | IN | Data Ascii: 1a40const DL_DOMAIN = "https://thisdwn.com";const BQ_PATH = "https://bq.zipthisapp.com/report?";const url = new URL(window.location.href);const protocol = url.protocol;const subdomains = url.hostname.split(".").slice(0, -2);function setCookie(nam
2025-01-06 18:52:05 UTC | 1369 | IN | Data Ascii: ie[2] : "";};function generateUUID() { if (crypto.randomUUID) { return crypto.randomUUID(); } else { // Fallback to RFC4122 version 4 UUID return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace( /[xy]/g, function (c) {
2025-01-06 18:52:05 UTC | 1369 | IN | Data Ascii: ody.classList.add("blurred"); // setTimeout(function () { // indicator.classList.add("show"); // }, 10); if (typeof dataLayer !== "undefined") dataLayer.push({ event: "ga_event", eventCategory: "action", eventAction: "dl c
2025-01-06 18:52:05 UTC | 1369 | IN | Data Ascii: placement_id: getCookie("placement_id"), creative_id: getCookie("creative_id"), campaign_id: getCookie("campaign_id"), }; return Object.entries(defaultParams) .map(([key, value]) => `${key}=${encodeURIComponent(value)}`) .join("&");
2025-01-06 18:52:05 UTC | 1369 | IN | Data Ascii: epInterval = setInterval(function() { if (getCookie('_ga')) { Report.bqReport('lpage_report', { distributer_id: getCookie('dist'), cid: getCookie('cid') || getCookie('gcli
2025-01-06 18:52:05 UTC | 439 | IN | Data Ascii: '/',''); const json = { event_name: eName, dataSet: "report", platform: "pc", infoJson: JSON.stringify(data), }; const reportUrl = `${BQ_PATH}${serializeObj(json)}`; try { const response = await fetch(repo
2025-01-06 18:52:05 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.16 | 58021 | 45.33.84.9 | 443 | 6532 | C:\Users\user\Desktop\ZipThis.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:06 UTC | 154 | OUT | POST /r HTTP/1.1
Content-Type: text/plain; charset=utf-8
Host: can.thisilient.com
Content-Length: 616
Expect: 100-continue
Connection: Keep-Alive
2025-01-06 18:52:07 UTC | 25 | IN | HTTP/1.1 100 Continue
2025-01-06 18:52:07 UTC | 190 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 06 Jan 2025 18:52:07 GMT
Server: Nginx
Vary: Accept-Encoding
Via: 1.1 google
Connection: close
Transfer-Encoding: chunked
2025-01-06 18:52:07 UTC | 65 | IN | Data Raw: 33 62 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 4f 6b 20 66 72 6f 6d 20 72 65 70 6f 72 74 20 70 6f 73 74 20 73 65 72 76 69 63 65 20 50 4f 53 54 22 2c 22 73 74 61 74 75 73 22 3a 32 30 30 7d 0d 0a
Data Ascii: 3b{"message":"Ok from report post service POST","status":200}
2025-01-06 18:52:07 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.16 | 58022 | 45.33.84.9 | 443 | 4080 | C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:07 UTC | 154 | OUT | POST /r HTTP/1.1
Content-Type: text/plain; charset=utf-8
Host: can.thisilient.com
Content-Length: 148
Expect: 100-continue
Connection: Keep-Alive
2025-01-06 18:52:07 UTC | 25 | IN | HTTP/1.1 100 Continue
2025-01-06 18:52:07 UTC | 190 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 06 Jan 2025 18:52:07 GMT
Server: Nginx
Vary: Accept-Encoding
Via: 1.1 google
Connection: close
Transfer-Encoding: chunked
2025-01-06 18:52:07 UTC | 65 | IN | Data Raw: 33 62 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 4f 6b 20 66 72 6f 6d 20 72 65 70 6f 72 74 20 70 6f 73 74 20 73 65 72 76 69 63 65 20 50 4f 53 54 22 2c 22 73 74 61 74 75 73 22 3a 32 30 30 7d 0d 0a
Data Ascii: 3b{"message":"Ok from report post service POST","status":200}
2025-01-06 18:52:07 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.16 | 58025 | 142.250.185.196 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:08 UTC | 1033 | OUT | POST /ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.zipthisapp.com%2Fsuccess&scrsrc=www.googletagmanager.com&frm=0&rnd=760525524.1736189525&dt=Zip%20This%20-%20Successfully%20Updated&auid=1994571191.1736189525&navt=n&npa=0&gtm=45He4cc1v9175374541za200&gcs=G111&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&tft=1736189525197&tfd=4440&apve=1 HTTP/1.1
Host: www.google.com
Connection: keep-alive
Content-Length: 0
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Origin: https://www.zipthisapp.com
X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://www.zipthisapp.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2025-01-06 18:52:08 UTC | 582 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 18:52:08 GMT
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/plain
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Vary: Origin
Vary: X-Origin
Vary: Referer
Server: scaffolding on HTTPServer2
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: https://www.zipthisapp.com
Access-Control-Expose-Headers: date,vary,vary,vary,server,content-length
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.16 | 58027 | 104.18.1.75 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:08 UTC | 838 | OUT | GET /postback?token=lhFuZHhnmEU0CnFSQoBpfnKQETPJWjQ7GP3E1t2mPDoV0V8KTUSNnS3kM5sdYyPJJ0QVMQZXUEqldvAwZHZAi5iWDJGd6xv3UiC5DlLHR6OuKvYbYP1MJjyWIdWHGJSzrgcElEsPIIp8kP0iaGgP7IAGMAoalPfsZh26Q030Oi9yoe26wH6WXt5cZYKE1NP1cK0xZGHj&click_id=null&gtmcb=1092898519 HTTP/1.1
Host: api-advertiser.linkvertise.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.zipthisapp.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2025-01-06 18:52:08 UTC | 343 | IN | HTTP/1.1 412 Precondition Failed
Date: Mon, 06 Jan 2025 18:52:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cache-Control: no-cache, private
vary: Origin
CF-Cache-Status: DYNAMIC
X-Frame-Options: sameorigin
Server: cloudflare
CF-RAY: 8fdde748faf8efa7-EWR
alt-svc: h3=":443"; ma=86400
2025-01-06 18:52:08 UTC | 29 | IN | Data Raw: 31 37 0d 0a 54 72 61 63 6b 69 6e 67 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 0d 0a
Data Ascii: 17Tracking does not exist
2025-01-06 18:52:08 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.16 | 58031 | 216.239.34.181 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:08 UTC | 1384 | OUT | POST /g/collect?v=2&tid=G-3D171KFV2T&gtm=45je4cc1v9176321766z89175374541za200zb9175374541&_p=1736189523064&_gaz=1&gcs=G111&gcd=13t3t3t3t5l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1855466587.1736189527&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1736189526&sct=1&seg=0&dl=https%3A%2F%2Fwww.zipthisapp.com%2Fsuccess%3Fu%3Daa4008ff-463e-4ce6-8230-e38f8a67e3cf&dt=Zip%20This%20-%20Successfully%20Updated&en=page_view&_fv=1&_nsi=1&_ss=1&ep.TYP_UID=aa4008ff-463e-4ce6-8230-e38f8a67e3cf&ep.Browser_Lang=en-US&tfd=5919 HTTP/1.1
Host: analytics.google.com
Connection: keep-alive
Content-Length: 0
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
                                                                                                                                                                                                                        Origin: https://www.zipthisapp.com
                                                                                                                                                                                                                        X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://www.zipthisapp.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2025-01-06 18:52:08 UTC | 849 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                        Access-Control-Allow-Origin: https://www.zipthisapp.com
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:08 GMT
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                        Content-Security-Policy-Report-Only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
                                                                                                                                                                                                                        Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to=coop_reporting
                                                                                                                                                                                                                        Report-To: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
                                                                                                                                                                                                                        Server: Golfe2
                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Connection: close


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        17 | 192.168.2.16 | 58033 | 216.239.34.181 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2025-01-06 18:52:08 UTC | 1357 | OUT | POST /g/collect?v=2&tid=G-3D171KFV2T&gtm=45je4cc1v9176321766z89175374541za200zb9175374541&_p=1736189523064&gcs=G111&gcd=13t3t3t3t5l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1855466587.1736189527&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=2&sid=1736189526&sct=1&seg=0&dl=https%3A%2F%2Fwww.zipthisapp.com%2Fsuccess%3Fu%3Daa4008ff-463e-4ce6-8230-e38f8a67e3cf&dt=Zip%20This%20-%20Successfully%20Updated&en=TYP&_c=1&ep.TYP_UID=aa4008ff-463e-4ce6-8230-e38f8a67e3cf&ep.Browser_Lang=en-US&tfd=5975 HTTP/1.1
                                                                                                                                                                                                                        Host: analytics.google.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Origin: https://www.zipthisapp.com
                                                                                                                                                                                                                        X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://www.zipthisapp.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2025-01-06 18:52:08 UTC | 1068 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                        Location: https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1855466587.1736189527&dbk=16603491583877662589&dma=0&en=TYP&gcs=G111&gtm=45je4cc1v9176321766z89175374541za200zb9175374541&npa=0&tid=G-3D171KFV2T&dl=https%3A%2F%2Fwww.zipthisapp.com%3F
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:08 GMT
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                        Content-Security-Policy-Report-Only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
                                                                                                                                                                                                                        Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to=coop_reporting
                                                                                                                                                                                                                        Report-To: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
                                                                                                                                                                                                                        Server: Golfe2
                                                                                                                                                                                                                        Content-Length: 494
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        2025-01-06 18:52:08 UTC | 322 | IN
                                                                                                                                                                                                                        Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&amp;cid=18554
                                                                                                                                                                                                                        2025-01-06 18:52:08 UTC | 172 | IN
                                                                                                                                                                                                                        Data Ascii: amp;gcs=G111&amp;gtm=45je4cc1v9176321766z89175374541za200zb9175374541&amp;npa=0&amp;tid=G-3D171KFV2T&amp;dl=https%3A%2F%2Fwww.zipthisapp.com%3F">here</A>.</BODY></HTML>


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        18 | 192.168.2.16 | 58030 | 142.250.186.66 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2025-01-06 18:52:08 UTC | 1312 | OUT | GET /pagead/viewthroughconversion/10807868703/?random=1736189526605&cv=11&fst=1736189526605&bg=ffffff&guid=ON&async=1&gtm=45be4cc1v9177421235z89175374541za201zb9175374541&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.zipthisapp.com%2Fsuccess%3Fu%3Daa4008ff-463e-4ce6-8230-e38f8a67e3cf&hn=www.googleadservices.com&frm=0&tiba=Zip%20This%20-%20Successfully%20Updated&npa=0&pscdl=noapi&auid=1994571191.1736189525&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=ads_data_redaction%3Dfalse&rfmt=3&fmt=4 HTTP/1.1
                                                                                                                                                                                                                        Host: googleads.g.doubleclick.net
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: script
                                                                                                                                                                                                                        Referer: https://www.zipthisapp.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2025-01-06 18:52:08 UTC | 842 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:08 GMT
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                        Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                        Server: cafe
                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                        Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 06-Jan-2025 19:07:08 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                        2025-01-06 18:52:08 UTC | 548 | IN
                                                                                                                                                                                                                        Data Ascii: 124b(function(){var s = {};(function(){var h=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};function k(a){a=["object"==typeof globalThis&&global
                                                                                                                                                                                                                        2025-01-06 18:52:08 UTC1390INData Raw: 3b 66 75 6e 63 74 69 6f 6e 20 75 28 61 2c 62 2c 63 29 7b 69 66 28 21 63 7c 7c 61 21 3d 6e 75 6c 6c 29 7b 63 3d 74 5b 62 5d 3b 69 66 28 63 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 61 5b 62 5d 3b 63 3d 61 5b 63 5d 3b 72 65 74 75 72 6e 20 63 21 3d 3d 76 6f 69 64 20 30 3f 63 3a 61 5b 62 5d 7d 7d 20 66 75 6e 63 74 69 6f 6e 20 76 28 61 2c 62 2c 63 29 7b 69 66 28 62 29 61 3a 7b 76 61 72 20 64 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 61 3d 64 2e 6c 65 6e 67 74 68 3d 3d 3d 31 3b 76 61 72 20 65 3d 64 5b 30 5d 2c 67 3b 21 61 26 26 65 20 69 6e 20 71 3f 67 3d 71 3a 67 3d 6d 3b 66 6f 72 28 65 3d 30 3b 65 3c 64 2e 6c 65 6e 67 74 68 2d 31 3b 65 2b 2b 29 7b 76 61 72 20 66 3d 64 5b 65 5d 3b 69 66 28 21 28 66 20 69 6e 20 67 29 29 62 72 65 61 6b 20 61 3b 67 3d 67 5b 66 5d
                                                                                                                                                                                                                        Data Ascii: ;function u(a,b,c){if(!c||a!=null){c=t[b];if(c==null)return a[b];c=a[c];return c!==void 0?c:a[b]}} function v(a,b,c){if(b)a:{var d=a.split(".");a=d.length===1;var e=d[0],g;!a&&e in q?g=q:g=m;for(e=0;e<d.length-1;e++){var f=d[e];if(!(f in g))break a;g=g[f]
                                                                                                                                                                                                                        2025-01-06 18:52:08 UTC1390INData Raw: 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 62 2e 6f 6e 65 72 72 6f 72 3d 6e 75 6c 6c 7d 3b 62 2e 73 72 63 3d 61 7d 3b 76 61 72 20 46 2c 47 3b 61 3a 7b 66 6f 72 28 76 61 72 20 48 3d 5b 22 43 4c 4f 53 55 52 45 5f 46 4c 41 47 53 22 5d 2c 49 3d 78 2c 4a 3d 30 3b 4a 3c 48 2e 6c 65 6e 67 74 68 3b 4a 2b 2b 29 69 66 28 49 3d 49 5b 48 5b 4a 5d 5d 2c 49 3d 3d 6e 75 6c 6c 29 7b 47 3d 6e 75 6c 6c 3b 62 72 65 61 6b 20 61 7d 47 3d 49 7d 76 61 72 20 4b 3d 47 26 26 47 5b 36 31 30 34 30 31 33 30 31 5d 3b 46 3d 4b 21 3d 6e 75 6c 6c 3f 4b 3a 21 31 3b 76 61 72 20 4c 2c 4d 3d 78 2e 6e 61 76 69 67 61 74 6f 72 3b 4c 3d 4d 3f 4d 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 7c 7c 6e 75 6c 6c 3a 6e 75 6c 6c 3b 66 75 6e 63 74 69 6f 6e 20 4e 28 61 29 7b 72 65 74 75 72 6e 20 46 3f 4c
                                                                                                                                                                                                                        Data Ascii: ror=function(){b.onerror=null};b.src=a};var F,G;a:{for(var H=["CLOSURE_FLAGS"],I=x,J=0;J<H.length;J++)if(I=I[H[J]],I==null){G=null;break a}G=I}var K=G&&G[610401301];F=K!=null?K:!1;var L,M=x.navigator;L=M?M.userAgentData||null:null;function N(a){return F?L
                                                                                                                                                                                                                        2025-01-06 18:52:08 UTC1363INData Raw: 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 45 28 64 5b 6c 2e 67 5d 29 26 26 65 28 29 7d 7d 28 66 29 29 29 3b 70 2e 6f 6e 6c 6f 61 64 3d 65 3b 70 2e 73 72 63 3d 63 5b 66 2e 67 5d 7d 65 28 29 7d 76 61 72 20 56 3d 5b 22 73 73 5f 22 5d 2c 57 3d 73 7c 7c 78 3b 20 56 5b 30 5d 69 6e 20 57 7c 7c 74 79 70 65 6f 66 20 57 2e 65 78 65 63 53 63 72 69 70 74 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 7c 7c 57 2e 65 78 65 63 53 63 72 69 70 74 28 22 76 61 72 20 22 2b 56 5b 30 5d 29 3b 66 6f 72 28 76 61 72 20 58 3b 56 2e 6c 65 6e 67 74 68 26 26 28 58 3d 56 2e 73 68 69 66 74 28 29 29 3b 29 56 2e 6c 65 6e 67 74 68 7c 7c 55 3d 3d 3d 76 6f 69 64 20 30 3f 57 5b 58 5d 26 26 57 5b 58 5d 21 3d 3d 4f 62 6a 65 63 74 2e 70 72
                                                                                                                                                                                                                        Data Ascii: rror=function(l){return function(){E(d[l.g])&&e()}}(f)));p.onload=e;p.src=c[f.g]}e()}var V=["ss_"],W=s||x; V[0]in W||typeof W.execScript=="undefined"||W.execScript("var "+V[0]);for(var X;V.length&&(X=V.shift());)V.length||U===void 0?W[X]&&W[X]!==Object.pr
                                                                                                                                                                                                                        2025-01-06 18:52:08 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        19 | 192.168.2.16 | 58032 | 74.125.71.156 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2025-01-06 18:52:08 UTC | 890 | OUT | POST /g/collect?v=2&tid=G-3D171KFV2T&cid=1855466587.1736189527&gtm=45je4cc1v9176321766z89175374541za200zb9175374541&aip=1&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178 HTTP/1.1
                                                                                                                                                                                                                        Host: stats.g.doubleclick.net
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Origin: https://www.zipthisapp.com
                                                                                                                                                                                                                        X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://www.zipthisapp.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2025-01-06 18:52:08 UTC | 849 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                        Access-Control-Allow-Origin: https://www.zipthisapp.com
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:08 GMT
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                        Content-Security-Policy-Report-Only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
                                                                                                                                                                                                                        Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to=coop_reporting
                                                                                                                                                                                                                        Report-To: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
                                                                                                                                                                                                                        Server: Golfe2
                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Connection: close


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        20 | 192.168.2.16 | 58035 | 142.250.185.226 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2025-01-06 18:52:08 UTC | 1523 | OUT | GET /td/rul/10807868703?random=1736189526577&cv=11&fst=1736189526577&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4cc1v9177421235z89175374541za201zb9175374541&gcs=G111&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.zipthisapp.com%2Fsuccess%3Fu%3Daa4008ff-463e-4ce6-8230-e38f8a67e3cf&label=pzUUCKf2w4MDEJ_6y6Eo&hn=www.googleadservices.com&frm=0&tiba=Zip%20This%20-%20Successfully%20Updated&value=0&bttype=purchase&npa=0&pscdl=noapi&auid=1994571191.1736189525&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&data=ads_data_redaction%3Dfalse&ct_cookie_present=0 HTTP/1.1
                                                                                                                                                                                                                        Host: td.doubleclick.net
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                        X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                        Sec-Fetch-Dest: iframe
                                                                                                                                                                                                                        Referer: https://www.zipthisapp.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2025-01-06 18:52:09 UTC | 785 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:08 GMT
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Server: cafe
                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                        Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 06-Jan-2025 19:07:08 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Transfer-Encoding: chunked


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        21 | 192.168.2.16 | 58036 | 142.250.186.38 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2025-01-06 18:52:08 UTC | 1313 | OUT | GET /activity;register_conversion=1;src=14918961;type=invmedia;cat=typtd0;ord=1;num=1010720209330;npa=0;auiddc=1994571191.1736189525;ps=1;pcor=671073416;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9196976143z89175374541za201zb9175374541;gcs=G111;gcd=13t3t3t3t5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.zipthisapp.com%2Fsuccess%3Fu%3Daa4008ff-463e-4ce6-8230-e38f8a67e3cf? HTTP/1.1
                                                                                                                                                                                                                        Host: ad.doubleclick.net
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Attribution-Reporting-Eligible: event-source, trigger;navigation-source
                                                                                                                                                                                                                        Referer: https://www.zipthisapp.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2025-01-06 18:52:09 UTC | 2507 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:09 GMT
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                        Attribution-Reporting-Register-Trigger: {"aggregatable_deduplication_keys":[{"deduplication_key":"7047662648588361749"}],"aggregatable_trigger_data":[{"filters":[{"14":["110359046"]}],"key_piece":"0xa8c4b22517ad0266","source_keys":["12","13","14","15","16","17","18","19","20","21","30240616","30240617","30240618","30240619","905515468","905515469","905515470","905515471","906361600","906361601","906361602","906361603"]},{"key_piece":"0xa31a9be98fea8c11","not_filters":{"14":["110359046"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","30240616","30240617","30240618","30240619","905515468","905515469","905515470","905515471","906361600","906361601","906361602","906361603"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"30240616":327,"30240617":327,"30240618":327,"30240619":31784,"905515468":163,"905515469":163,"905515470":163,"905515471":15892,"906361600":218,"906361601":218,"906361602":218,"906361603":21189},"debug_key":"188350 [TRUNCATED]
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Server: cafe
                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                        Set-Cookie: ar_debug=1; expires=Wed, 05-Feb-2025 18:52:09 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                                                        Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 06-Jan-2025 19:07:09 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.16 | 58037 | 142.250.185.226 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:08 UTC | 1436 | OUT | GET /td/rul/10807868703?random=1736189526605&cv=11&fst=1736189526605&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4cc1v9177421235z89175374541za201zb9175374541&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.zipthisapp.com%2Fsuccess%3Fu%3Daa4008ff-463e-4ce6-8230-e38f8a67e3cf&hn=www.googleadservices.com&frm=0&tiba=Zip%20This%20-%20Successfully%20Updated&npa=0&pscdl=noapi&auid=1994571191.1736189525&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=ads_data_redaction%3Dfalse HTTP/1.1
                                                                                                                                                                                                                        Host: td.doubleclick.net
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                        X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                        Sec-Fetch-Dest: iframe
                                                                                                                                                                                                                        Referer: https://www.zipthisapp.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2025-01-06 18:52:09 UTC | 785 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:09 GMT
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Server: cafe
                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                        Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 06-Jan-2025 19:07:09 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Transfer-Encoding: chunked
2025-01-06 18:52:09 UTC | 605 | IN | Data Ascii: 3f5<html><head><meta http-equiv="origin-trial" content="Avh5Ny0XEFCyQ7+oNieXskUrqY8edUzL5/XrwKlGjARQHW4TFRK+jVd5HnDIpY20n5OLHfgU4ku7x48N3uhG/A0AAABxeyJvcmlnaW4iOiJodHRwczovL2RvdWJsZWNsaWNrLm5ldDo0NDMiLCJmZWF0dXJlIjoiUHJpdmFjeVNhbmRib3hBZHNBUElzIiwiZXhwa
2025-01-06 18:52:09 UTC | 415 | IN | Data Ascii: restGroups){try{if(i.action==0){navigator.joinAdInterestGroup(i.interestGroupAttributes,i.expirationTimeInSeconds);}else if(i.action==1){navigator.leaveAdInterestGroup(i.interestGroupAttributes);}}catch(e){navigator.sendBeacon(`https://pagead2.googlesyndi
2025-01-06 18:52:09 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.16 | 58038 | 142.250.185.226 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:08 UTC | 1025 | OUT | GET /td/ga/rul?tid=G-3D171KFV2T&gacid=1855466587.1736189527&gtm=45je4cc1v9176321766z89175374541za200zb9175374541&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&z=1554550537 HTTP/1.1
                                                                                                                                                                                                                        Host: td.doubleclick.net
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                        X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                        Sec-Fetch-Dest: iframe
                                                                                                                                                                                                                        Referer: https://www.zipthisapp.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2025-01-06 18:52:09 UTC | 785 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:09 GMT
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Server: cafe
                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                        Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 06-Jan-2025 19:07:09 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Transfer-Encoding: chunked
2025-01-06 18:52:09 UTC | 18 | IN | Data Raw: 64 0d 0a 3c 68 74 6d 6c 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                        Data Ascii: d<html></html>
2025-01-06 18:52:09 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.16 | 58039 | 142.250.185.230 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:08 UTC | 1332 | OUT | GET /activityi;src=14918961;type=invmedia;cat=typtd0;ord=1;num=1010720209330;npa=0;auiddc=1994571191.1736189525;ps=1;pcor=671073416;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9196976143z89175374541za201zb9175374541;gcs=G111;gcd=13t3t3t3t5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.zipthisapp.com%2Fsuccess%3Fu%3Daa4008ff-463e-4ce6-8230-e38f8a67e3cf? HTTP/1.1
                                                                                                                                                                                                                        Host: 14918961.fls.doubleclick.net
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                        X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                        Sec-Fetch-Dest: iframe
                                                                                                                                                                                                                        Referer: https://www.zipthisapp.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2025-01-06 18:52:09 UTC | 1304 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                        P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:09 GMT
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                        Follow-Only-When-Prerender-Shown: 1
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=21600
                                                                                                                                                                                                                        Location: https://14918961.fls.doubleclick.net/activityi;dc_pre=CLDyl4Hi4YoDFeHtEQgdf90iTg;src=14918961;type=invmedia;cat=typtd0;ord=1;num=1010720209330;npa=0;auiddc=1994571191.1736189525;ps=1;pcor=671073416;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9196976143z89175374541za201zb9175374541;gcs=G111;gcd=13t3t3t3t5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.zipthisapp.com%2Fsuccess%3Fu%3Daa4008ff-463e-4ce6-8230-e38f8a67e3cf?
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Server: cafe
                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.16 | 58040 | 142.250.185.226 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:09 UTC | 1342 | OUT | GET /td/fls/rul/activityi;fledge=1;src=14918961;type=invmedia;cat=typtd0;ord=1;num=1010720209330;npa=0;auiddc=1994571191.1736189525;ps=1;pcor=671073416;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9196976143z89175374541za201zb9175374541;gcs=G111;gcd=13t3t3t3t5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.zipthisapp.com%2Fsuccess%3Fu%3Daa4008ff-463e-4ce6-8230-e38f8a67e3cf? HTTP/1.1
                                                                                                                                                                                                                        Host: td.doubleclick.net
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                        X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                        Sec-Fetch-Dest: iframe
                                                                                                                                                                                                                        Referer: https://www.zipthisapp.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2025-01-06 18:52:09 UTC | 795 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:09 GMT
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Server: cafe
                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                        Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 06-Jan-2025 19:07:09 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Transfer-Encoding: chunked
2025-01-06 18:52:09 UTC | 18 | IN | Data Raw: 64 0d 0a 3c 68 74 6d 6c 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                        Data Ascii: d<html></html>
2025-01-06 18:52:09 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.16 | 58043 | 142.250.186.66 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:09 UTC | 1912 | OUT | GET /pagead/viewthroughconversion/10807868703/?random=1591526551&cv=11&fst=1736189526577&bg=ffffff&guid=ON&async=1&gtm=45be4cc1v9177421235z89175374541za201zb9175374541&gcs=G111&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.zipthisapp.com%2Fsuccess%3Fu%3Daa4008ff-463e-4ce6-8230-e38f8a67e3cf&label=pzUUCKf2w4MDEJ_6y6Eo&hn=www.googleadservices.com&frm=0&tiba=Zip%20This%20-%20Successfully%20Updated&value=0&npa=0&pscdl=noapi&auid=1994571191.1736189525&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQII08WxAiIBATgBQAFKJ2V2ZW50LXNvdXJjZSwgdHJpZ2dlcjtuYXZpZ2F0aW9uLXNvdXJjZWIECgICAw&eitems=ChEIgJvuuwYQkveL2YT_vaegARIdALDatqwd0GhMA-ulGv4CjBVHcUPpiBTpWanhaIA&pscrd=CJfIo9OoovCraiITCI6Y_oDi4YoDFdnwEQgdnA4cBDICCAMyAgg [TRUNCATED]
                                                                                                                                                                                                                        Host: googleads.g.doubleclick.net
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://www.zipthisapp.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2025-01-06 18:52:09 UTC | 2052 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                        P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:09 GMT
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                        Location: https://www.google.com/pagead/1p-conversion/10807868703/?random=1591526551&cv=11&fst=1736189526577&bg=ffffff&guid=ON&async=1&gtm=45be4cc1v9177421235z89175374541za201zb9175374541&gcs=G111&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.zipthisapp.com%2Fsuccess%3Fu%3Daa4008ff-463e-4ce6-8230-e38f8a67e3cf&label=pzUUCKf2w4MDEJ_6y6Eo&hn=www.googleadservices.com&frm=0&tiba=Zip%20This%20-%20Successfully%20Updated&value=0&npa=0&pscdl=noapi&auid=1994571191.1736189525&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQII08WxAiIBATgBQAFKJ2V2ZW50LXNvdXJjZSwgdHJpZ2dlcjtuYXZpZ2F0aW9uLXNvdXJjZWIECgICAw&pscrd=CJfIo9OoovCraiITCI6Y_oDi4YoDFdnwEQgdnA4cBDICCAMyAggEMgIIBzICCAgyAggJMgIICjICCAIyAggLMgIIFTICCB8yAggTMgIIEj [TRUNCATED]
                                                                                                                                                                                                                        Content-Type: image/gif
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Server: cafe
                                                                                                                                                                                                                        Content-Length: 42
                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                        Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 06-Jan-2025 19:07:09 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Connection: close
2025-01-06 18:52:09 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                        Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.16 | 58044 | 142.250.185.196 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:09 UTC | 1439 | OUT | GET /pagead/1p-user-list/10807868703/?random=1736189526605&cv=11&fst=1736186400000&bg=ffffff&guid=ON&async=1&gtm=45be4cc1v9177421235z89175374541za201zb9175374541&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.zipthisapp.com%2Fsuccess%3Fu%3Daa4008ff-463e-4ce6-8230-e38f8a67e3cf&hn=www.googleadservices.com&frm=0&tiba=Zip%20This%20-%20Successfully%20Updated&npa=0&pscdl=noapi&auid=1994571191.1736189525&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=ads_data_redaction%3Dfalse&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7dARwfrk1l54WFoStcEeX6hETlZHX2QQ&random=328849773&rmt_tld=0&ipr=y HTTP/1.1
                                                                                                                                                                                                                        Host: www.google.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://www.zipthisapp.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2025-01-06 18:52:09 UTC | 602 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:09 GMT
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Content-Type: image/gif
                                                                                                                                                                                                                        Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Server: cafe
                                                                                                                                                                                                                        Content-Length: 42
                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Connection: close
2025-01-06 18:52:09 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                        Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.16 | 58046 | 142.250.185.230 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:09 UTC | 1418 | OUT | GET /activityi;dc_pre=CLDyl4Hi4YoDFeHtEQgdf90iTg;src=14918961;type=invmedia;cat=typtd0;ord=1;num=1010720209330;npa=0;auiddc=1994571191.1736189525;ps=1;pcor=671073416;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9196976143z89175374541za201zb9175374541;gcs=G111;gcd=13t3t3t3t5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.zipthisapp.com%2Fsuccess%3Fu%3Daa4008ff-463e-4ce6-8230-e38f8a67e3cf? HTTP/1.1
                                                                                                                                                                                                                        Host: 14918961.fls.doubleclick.net
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                        X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                        Sec-Fetch-Dest: iframe
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Referer: https://www.zipthisapp.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Cookie: test_cookie=CheckForPermission; ar_debug=1
2025-01-06 18:52:10 UTC | 984 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:10 GMT
                                                                                                                                                                                                                        Expires: Mon, 06 Jan 2025 18:52:10 GMT
                                                                                                                                                                                                                        Cache-Control: private, max-age=0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=21600
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Server: cafe
                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                        Set-Cookie: IDE=AHWqTUmhETBkqxiYVGX0NrdgekeBiILr2Y6LISARR8vOKn2NNnoMJIn1rgl_pOd3mTk; expires=Wed, 06-Jan-2027 18:52:10 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                                                        Set-Cookie: test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Transfer-Encoding: chunked
2025-01-06 18:52:10 UTC | 406 | IN
                                                                                                                                                                                                                        Data Ascii: 31b<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="https://adservice.google.com/ddm/fls/z/dc_pre=CLDyl4Hi4YoDFe
2025-01-06 18:52:10 UTC | 396 | IN
                                                                                                                                                                                                                        Data Ascii: 117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9196976143z89175374541za201zb9175374541;gcs=G111;gcd=13t3t3t3t5l1;dma=0;tag_exp=101925629~102067555~1020678
2025-01-06 18:52:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.16 | 58047 | 142.250.185.196 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:10 UTC | 1965 | OUT | GET /pagead/1p-conversion/10807868703/?random=1591526551&cv=11&fst=1736189526577&bg=ffffff&guid=ON&async=1&gtm=45be4cc1v9177421235z89175374541za201zb9175374541&gcs=G111&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.zipthisapp.com%2Fsuccess%3Fu%3Daa4008ff-463e-4ce6-8230-e38f8a67e3cf&label=pzUUCKf2w4MDEJ_6y6Eo&hn=www.googleadservices.com&frm=0&tiba=Zip%20This%20-%20Successfully%20Updated&value=0&npa=0&pscdl=noapi&auid=1994571191.1736189525&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQII08WxAiIBATgBQAFKJ2V2ZW50LXNvdXJjZSwgdHJpZ2dlcjtuYXZpZ2F0aW9uLXNvdXJjZWIECgICAw&pscrd=CJfIo9OoovCraiITCI6Y_oDi4YoDFdnwEQgdnA4cBDICCAMyAggEMgIIBzICCAgyAggJMgIICjICCAIyAggLMgIIFTICCB8yAggTMgIIEjobaHR0cHM6Ly93d3cuemlwdGhpc2 [TRUNCATED]
                                                                                                                                                                                                                        Host: www.google.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://www.zipthisapp.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2025-01-06 18:52:10 UTC | 602 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:10 GMT
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Content-Type: image/gif
                                                                                                                                                                                                                        Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Server: cafe
                                                                                                                                                                                                                        Content-Length: 42
                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        2025-01-06 18:52:10 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                        Data Ascii: GIF89a!,D;


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        30 | 192.168.2.16 | 58049 | 172.217.23.98 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2025-01-06 18:52:10 UTC | 1244 | OUT | GET /ddm/fls/z/dc_pre=CLDyl4Hi4YoDFeHtEQgdf90iTg;src=14918961;type=invmedia;cat=typtd0;ord=1;num=1010720209330;npa=0;auiddc=*;ps=1;pcor=671073416;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9196976143z89175374541za201zb9175374541;gcs=G111;gcd=13t3t3t3t5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.zipthisapp.com%2Fsuccess%3Fu%3Daa4008ff-463e-4ce6-8230-e38f8a67e3cf HTTP/1.1
                                                                                                                                                                                                                        Host: adservice.google.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://14918961.fls.doubleclick.net/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2025-01-06 18:52:11 UTC | 529 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:10 GMT
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                        Content-Type: image/gif
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Server: cafe
                                                                                                                                                                                                                        Content-Length: 42
                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        2025-01-06 18:52:11 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                        Data Ascii: GIF89a!,D;


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        31 | 192.168.2.16 | 58050 | 104.18.2.200 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2025-01-06 18:52:11 UTC | 868 | OUT | GET /assets/images/favicon.ico HTTP/1.1
                                                                                                                                                                                                                        Host: www.zipthisapp.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://www.zipthisapp.com/success?u=aa4008ff-463e-4ce6-8230-e38f8a67e3cf
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Cookie: _gcl_au=1.1.1994571191.1736189525; _ga=GA1.1.1855466587.1736189527; _ga_3D171KFV2T=GS1.1.1736189526.1.0.1736189526.60.0.0; uuid=2c53b67d-13cc-4a8b-8975-567a274dd0eb-c; u=aa4008ff-463e-4ce6-8230-e38f8a67e3cf
                                                                                                                                                                                                                        2025-01-06 18:52:11 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:11 GMT
                                                                                                                                                                                                                        Content-Type: image/vnd.microsoft.icon
                                                                                                                                                                                                                        Content-Length: 519
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Last-Modified: Wed, 25 Dec 2024 12:09:11 GMT
                                                                                                                                                                                                                        x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                        x-amz-version-id: HJtFh1T9_1NPSPFHNhyHbNc4zwK8cp.d
                                                                                                                                                                                                                        X-Cache: MISS from ip-10-14-10-135.ec2.internal
                                                                                                                                                                                                                        X-Cache-Lookup: HIT from ip-10-14-10-135.ec2.internal:80
                                                                                                                                                                                                                        Cache-Control: public, max-age=14400
                                                                                                                                                                                                                        CF-Cache-Status: HIT
                                                                                                                                                                                                                        Expires: Mon, 06 Jan 2025 22:52:11 GMT
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        CF-RAY: 8fdde75ccd127cb2-EWR
                                                                                                                                                                                                                        2025-01-06 18:52:11 UTC | 519 | IN | Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 1a 00 00 00 1a 08 06 00 00 00 a9 4a 4c ce 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 01 9c 49 44 41 54 78 01 dd 96 bf 4f c2 40 14 c7 bf 47 ab 42 24 e0 60 1a 4d 0c 1a 8d 71 d2 30 18 d9 4c 34 61 33 ac 4e 2e ea 7f e0 e0 5f c1 c4 6a dc 9d 5c 1c d8 18 74 12 27 c5 44 13 82 1b 4d 24 86 54 c4 22 b6 9c f7 1a aa fc 28 84 00 ed e0 27 79 bd de bb 6b bf f7 f3 e5 31 b4 e3 6b da 20 70 61 cc a1 b4 db c8 1a 76 67 bb 01 cb b3 89 4d 6e 4a 49 06 1e 15 ee 10 46 86 5f 43 36 8e 0a a5 ab 3c 55 2c a1 85 50 7c 75 52 0a de 8a d7 19 8c 17 0d a6 1e 2f bc a7 b3 b4 4c 4c 88 9c b9 20 42 84 21 f9 93 a2 f4 91 90 24 6c 1b
                                                                                                                                                                                                                        Data Ascii: PNGIHDRJLpHYssRGBgAMAaIDATxO@GB$`Mq0L4a3N._j\t'DM$T"('yk1k pavgMnJIF_C6<U,P|uR/LL B!$l


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        32 | 192.168.2.16 | 58051 | 104.18.2.200 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2025-01-06 18:52:11 UTC | 1359 | OUT | GET /report?event_name=thankyou-report&dataSet=report&platform=pc&infoJson=%7B%22suid%22%3A%22aa4008ff-463e-4ce6-8230-e38f8a67e3cf%22%2C%22cid%22%3A%22%22%2C%22utm_source%22%3A%22%22%2C%22_gcl_au%22%3A%221.1.1994571191.1736189525%22%2C%22_ga%22%3A%22GA1.1.1855466587.1736189527%22%2C%22_ga_3D171KFV2T%22%3A%22GS1.1.1736189526.1.0.1736189526.60.0.0%22%2C%22uuid%22%3A%222c53b67d-13cc-4a8b-8975-567a274dd0eb-c%22%2C%22u%22%3A%22aa4008ff-463e-4ce6-8230-e38f8a67e3cf%22%2C%22language%22%3A%22en-US%22%2C%22visit_num%22%3A%222c53b67d-13cc-4a8b-8975-567a274dd0eb-c%22%2C%22application%22%3A%221704805639094716%22%2C%22user_agent%22%3A%22mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64)%20applewebkit%2F537.36%20(khtml%2C%20like%20gecko)%20chrome%2F117.0.0.0%20safari%2F537.36%22%2C%22lp_id%22%3A%22success%22%7D HTTP/1.1
                                                                                                                                                                                                                        Host: bq.zipthisapp.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Origin: https://www.zipthisapp.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://www.zipthisapp.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2025-01-06 18:52:12 UTC | 344 | IN | HTTP/1.1 200
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:11 GMT
                                                                                                                                                                                                                        Content-Type: application/json;charset=ISO-8859-1
                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Expose-Headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials
                                                                                                                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        CF-RAY: 8fdde75d1a914238-EWR


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.16 | 58052 | 216.239.34.181 | 443 | 2068 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:13 UTC | 1376 | OUT | POST /g/collect?v=2&tid=G-3D171KFV2T&gtm=45je4cc1v9176321766za200zb9175374541&_p=1736189523064&gcs=G111&gcd=13t3t3t3t5l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1855466587.1736189527&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=AEA&_s=3&sid=1736189526&sct=1&seg=0&dl=https%3A%2F%2Fwww.zipthisapp.com%2Fsuccess%3Fu%3Daa4008ff-463e-4ce6-8230-e38f8a67e3cf&dt=Zip%20This%20-%20Successfully%20Updated&en=scroll&ep.TYP_UID=aa4008ff-463e-4ce6-8230-e38f8a67e3cf&ep.Browser_Lang=en-US&epn.percent_scrolled=90&tfd=10985 HTTP/1.1
                                                                                                                                                                                                                        Host: analytics.google.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Origin: https://www.zipthisapp.com
                                                                                                                                                                                                                        X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://www.zipthisapp.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2025-01-06 18:52:13 UTC | 849 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                        Access-Control-Allow-Origin: https://www.zipthisapp.com
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:13 GMT
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                        Content-Security-Policy-Report-Only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
                                                                                                                                                                                                                        Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to=coop_reporting
                                                                                                                                                                                                                        Report-To: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
                                                                                                                                                                                                                        Server: Golfe2
                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.16 | 58063 | 45.33.84.9 | 443 | 5136 | C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:38 UTC | 154 | OUT | POST /r HTTP/1.1
                                                                                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                        Host: can.thisilient.com
                                                                                                                                                                                                                        Content-Length: 148
                                                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                                                        Connection: Keep-Alive
2025-01-06 18:52:38 UTC | 25 | IN | HTTP/1.1 100 Continue
2025-01-06 18:52:38 UTC | 148 | OUT
                                                                                                                                                                                                                        Data Ascii: V0FcXUBmWAUPAA1YVUZbEARvUkcUbhMRAAJWHhBFBhZtXl0OVVgCVFJdVlAZBgRVBB0HVAEHS1pTVgMVAAVbAgpWDwRRClUCRARARmtbVltQBwMDXAFTVFJcAwFRAVJSFFJPVlpNCysSAF5TUA==
2025-01-06 18:52:39 UTC | 190 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:39 GMT
                                                                                                                                                                                                                        Server: Nginx
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Transfer-Encoding: chunked
2025-01-06 18:52:39 UTC | 65 | IN
                                                                                                                                                                                                                        Data Ascii: 3b{"message":"Ok from report post service POST","status":200}
2025-01-06 18:52:39 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.16 | 58064 | 5.161.105.73 | 443 | 4780 | C:\Users\user\AppData\Local\ZipThis\Updater.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:47 UTC | 301 | OUT | POST /update/auth HTTP/1.1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0
                                                                                                                                                                                                                        Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                        Host: tzpdld.com
                                                                                                                                                                                                                        Content-Length: 663
                                                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                                                        Connection: Keep-Alive
2025-01-06 18:52:47 UTC | 25 | IN | HTTP/1.1 100 Continue
2025-01-06 18:52:47 UTC | 663 | OUT
                                                                                                                                                                                                                        Data Ascii: {"data":"772NwSDqSLSo2JAHmfWmCAKqyHbI8kQlsbW5AjK4Pw47v3ft5uFshcyfWynXkRUXfLawM6csyabUXwlSURe+XeBVUSw0SBavsCPiHihfsGaM8q7xG7L3g9myXFrV7AJW3rYUlzNv6WU0l8mcmvm8NrJLXfMbvIwdJloj1xoPnXgDTVed99WYowp5kqUPf5hKEpaerU1ykBDANIJRGsCgA1eUpXA/hiRNDEqpMqMO+qEuAV6dMHVGVx
2025-01-06 18:52:48 UTC | 353 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:48 GMT
                                                                                                                                                                                                                        Server: Nginx
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        X-Amz-Apigw-Id: D-r0EGmQIAMEZ4g=
                                                                                                                                                                                                                        X-Amzn-Requestid: 32467413-2020-4b48-9f89-212d5f547c4b
                                                                                                                                                                                                                        X-Amzn-Trace-Id: Root=1-677c267f-7d72ce1840e61d691e347c30;Sampled=1;Lineage=1:41f2c0ed:0
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Transfer-Encoding: chunked
2025-01-06 18:52:48 UTC | 726 | IN
                                                                                                                                                                                                                        Data Ascii: 2cf{"code":200,"message":"OK","success":true,"timestamp":"Mon, 06 Jan 2025 18:52:48 GMT","token":"eyJhbGciOiJBMjU2R0NNS1ciLCJpdiI6IlBuQkFrV01Dc1hpamJHOEYiLCJ0YWciOiI5VXhEVzJxaE84MjRzNjZzN1VQTjBnIiwiZW5jIjoiQTI1NkNCQy1IUzUxMiJ9.4jvxkP5CHKfj4EBfr-B2bj1xVx
2025-01-06 18:52:48 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.16 | 58065 | 5.161.105.73 | 443 | 4780 | C:\Users\user\AppData\Local\ZipThis\Updater.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:52:48 UTC | 918 | OUT | GET /update/download HTTP/1.1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0
                                                                                                                                                                                                                        Authorization: jwe eyJhbGciOiJBMjU2R0NNS1ciLCJpdiI6IlBuQkFrV01Dc1hpamJHOEYiLCJ0YWciOiI5VXhEVzJxaE84MjRzNjZzN1VQTjBnIiwiZW5jIjoiQTI1NkNCQy1IUzUxMiJ9.4jvxkP5CHKfj4EBfr-B2bj1xVxENfRjvorzfArwjqSdRiENFafjMpeHyDrOLwEF3_ZYpWk8lXEJH6Hh8_VWp0A.QavBb7mnEDPYoiVOUApkHQ.li1zVRebxjq0fDHcW0S8hHbNwOwjkPOv5G1QKDJnCIJuw1FMPwT3kwY2n68d3YmNSoVgW70I_LGH3xddeAYVDWZb5KmJIn8VpTab1Xk4V1jwY6cJdVVDn4TgEZPIhEsZrZ_9zVG3KUgsJ0ukOSfpfMNFAsybOtYHgMGohYENHNwcWD72Y8P2wmWJy85YxxNpx7tyNDMBDKumE20v71W8NNTnKAZ_rXJV7x4gNd7chQEGtkLznPWYG3et0Q6puJG7CPxnQM-uc3Qxkeod_Q1yPQ0b9Z_Yd5rTsg8-8FcSJQqNiV_xhNRfaPTFbXVans6I.40k4pKMYgjuLx_7QOM13uWljcKw4Zh30p_OIUJKZwKE
                                                                                                                                                                                                                        Additional-Args: {"userID": "aa4008ff-463e-4ce6-8230-e38f8a67e3cf", "instDate": "2025-01-06 18:51:54"}
                                                                                                                                                                                                                        Host: tzpdld.com
2025-01-06 18:52:53 UTC | 331 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                        Content-Length: 95
                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:52:52 GMT
                                                                                                                                                                                                                        Server: Nginx
                                                                                                                                                                                                                        X-Amz-Apigw-Id: D-r0LGsroAMEZ4g=
                                                                                                                                                                                                                        X-Amzn-Requestid: 51411b3c-f8bb-4d87-bfbf-be299900e6f8
                                                                                                                                                                                                                        X-Amzn-Trace-Id: Root=1-677c2680-41efa3dd4b5b6c2e0054e6d7;Sampled=1;Lineage=1:41f2c0ed:0
                                                                                                                                                                                                                        Connection: close
2025-01-06 18:52:53 UTC | 95 | IN | Data Raw: 7b 22 63 6f 64 65 22 3a 34 30 30 2c 22 6d 65 73 73 61 67 65 22 3a 22 4e 4f 20 55 50 44 41 54 45 53 22 2c 22 73 75 63 63 65 73 73 22 3a 66 61 6c 73 65 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 22 4d 6f 6e 2c 20 30 36 20 4a 61 6e 20 32 30 32 35 20 31 38 3a 35 32 3a 35 32 20 47 4d 54 22 7d
                                                                                                                                                                                                                        Data Ascii: {"code":400,"message":"NO UPDATES","success":false,"timestamp":"Mon, 06 Jan 2025 18:52:52 GMT"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.16 | 58067 | 5.161.105.73 | 443 | 4044 | C:\Users\user\AppData\Local\ZipThis\Updater.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:53:05 UTC | 301 | OUT | POST /update/auth HTTP/1.1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0
                                                                                                                                                                                                                        Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                        Host: tzpdld.com
                                                                                                                                                                                                                        Content-Length: 663
                                                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                                                        Connection: Keep-Alive
2025-01-06 18:53:05 UTC | 25 | IN | HTTP/1.1 100 Continue
2025-01-06 18:53:05 UTC | 663 | OUT | Data Raw: 7b 22 64 61 74 61 22 3a 22 37 37 32 4e 77 53 44 71 53 4c 53 6f 32 4a 41 48 6d 66 57 6d 43 41 50 68 4c 5a 31 38 54 45 64 66 72 35 4e 79 32 6a 51 75 46 6f 6f 37 66 37 45 77 48 5a 5a 6f 4c 59 34 47 7a 42 47 76 44 64 46 57 37 44 63 33 62 4a 38 56 6b 35 33 30 77 6c 77 7a 72 73 4c 49 72 31 35 37 7a 51 38 56 64 4e 4f 61 52 5a 45 65 39 77 63 42 4e 2f 2b 2f 59 45 37 69 78 74 45 67 35 31 43 61 62 66 36 77 39 52 2b 76 6b 68 76 72 34 73 2b 58 6d 35 42 67 6b 70 53 4f 52 4c 38 44 57 36 61 61 4a 4e 53 57 55 49 61 53 6e 6f 69 34 33 5a 4d 6a 4d 79 44 2b 48 34 64 4c 58 75 48 2f 68 47 43 71 46 43 75 77 6a 46 62 43 6f 69 70 62 55 69 55 50 75 4c 4b 30 46 46 6b 79 50 55 6e 4d 43 4c 50 72 42 69 32 34 79 54 79 53 6f 76 53 74 73 51 57 7a 41 67 49 5a 2b 74 48 43 45 54 54 6a 37 2f
                                                                                                                                                                                                                        Data Ascii: {"data":"772NwSDqSLSo2JAHmfWmCAPhLZ18TEdfr5Ny2jQuFoo7f7EwHZZoLY4GzBGvDdFW7Dc3bJ8Vk530wlwzrsLIr157zQ8VdNOaRZEe9wcBN/+/YE7ixtEg51Cabf6w9R+vkhvr4s+Xm5BgkpSORL8DW6aaJNSWUIaSnoi43ZMjMyD+H4dLXuH/hGCqFCuwjFbCoipbUiUPuLK0FFkyPUnMCLPrBi24yTySovStsQWzAgIZ+tHCETTj7/
2025-01-06 18:53:05 UTC | 353 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:53:05 GMT
                                                                                                                                                                                                                        Server: Nginx
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        X-Amz-Apigw-Id: D-r21HURIAMEPvg=
                                                                                                                                                                                                                        X-Amzn-Requestid: 4799c865-41ee-444e-ab54-ba6ce1fe28bd
                                                                                                                                                                                                                        X-Amzn-Trace-Id: Root=1-677c2691-3c03f139471076e770a851e4;Sampled=1;Lineage=1:41f2c0ed:0
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Transfer-Encoding: chunked
2025-01-06 18:53:05 UTC | 726 | IN | Data Raw: 32 63 66 0d 0a 7b 22 63 6f 64 65 22 3a 32 30 30 2c 22 6d 65 73 73 61 67 65 22 3a 22 4f 4b 22 2c 22 73 75 63 63 65 73 73 22 3a 74 72 75 65 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 22 4d 6f 6e 2c 20 30 36 20 4a 61 6e 20 32 30 32 35 20 31 38 3a 35 33 3a 30 35 20 47 4d 54 22 2c 22 74 6f 6b 65 6e 22 3a 22 65 79 4a 68 62 47 63 69 4f 69 4a 42 4d 6a 55 32 52 30 4e 4e 53 31 63 69 4c 43 4a 70 64 69 49 36 49 6e 42 72 61 56 52 6f 61 32 70 31 59 6b 39 58 56 48 4e 71 4d 33 6f 69 4c 43 4a 30 59 57 63 69 4f 69 4a 77 52 45 5a 71 63 45 4e 71 4c 57 67 30 62 6e 59 79 61 30 74 68 62 32 74 47 58 7a 56 33 49 69 77 69 5a 57 35 6a 49 6a 6f 69 51 54 49 31 4e 6b 4e 43 51 79 31 49 55 7a 55 78 4d 69 4a 39 2e 4a 5a 49 30 6d 77 7a 52 36 49 73 4e 54 38 66 6c 71 79 31 6a 51 46 51 73 5a 36
                                                                                                                                                                                                                        Data Ascii: 2cf{"code":200,"message":"OK","success":true,"timestamp":"Mon, 06 Jan 2025 18:53:05 GMT","token":"eyJhbGciOiJBMjU2R0NNS1ciLCJpdiI6InBraVRoa2p1Yk9XVHNqM3oiLCJ0YWciOiJwREZqcENqLWg0bnYya0thb2tGXzV3IiwiZW5jIjoiQTI1NkNCQy1IUzUxMiJ9.JZI0mwzR6IsNT8flqy1jQFQsZ6
2025-01-06 18:53:05 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.16 | 58068 | 5.161.105.73 | 443 | 4044 | C:\Users\user\AppData\Local\ZipThis\Updater.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:53:06 UTC | 918 | OUT | GET /update/download HTTP/1.1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0
                                                                                                                                                                                                                        Authorization: jwe eyJhbGciOiJBMjU2R0NNS1ciLCJpdiI6InBraVRoa2p1Yk9XVHNqM3oiLCJ0YWciOiJwREZqcENqLWg0bnYya0thb2tGXzV3IiwiZW5jIjoiQTI1NkNCQy1IUzUxMiJ9.JZI0mwzR6IsNT8flqy1jQFQsZ64klIW7KNsYjYuGu9Ch0tOvVLJSPcI2gvOFcOlhMsjd31wQhxz8qsEGTuixXw.Vp0IaxcQBOKn5EFUoUJv7A.nA8cZ1K1-j7yOSzwTUZ-iGpII2LuLh_FDTsbu5DXyIgQlY2ZWFBydv_v2ZOmuFkhrVCksBBxyqxyNSwCLdgD9EPnPEcrC0m_8H64KN8CYjTMZgFcX-gqUr0gns5zLCHBtw1Mi9cKE8Aa3RCii1TlL9Lp4TQfSI6kaK230ATlIv4IT98rcQLsOfh638EOLBak0_2HkbjWoZHjSM8ocMyMAnOqBlAjd5kHEoRrCYL1BY276dOSLRVPlUSUhvqAbhuEWyKvSwRbGt25Ysj8_cxlHkf3QMLDQw0JebDvR87c0xgdHT9s4IlIT579o6dy5HVm.c9JqSrOCzMG6i9m5kDMUx4iVTOEAYVWbaZfoQ7GKRUg
                                                                                                                                                                                                                        Additional-Args: {"userID": "aa4008ff-463e-4ce6-8230-e38f8a67e3cf", "instDate": "2025-01-06 18:51:54"}
                                                                                                                                                                                                                        Host: tzpdld.com
2025-01-06 18:53:06 UTC | 331 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                        Content-Length: 95
                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:53:06 GMT
                                                                                                                                                                                                                        Server: Nginx
                                                                                                                                                                                                                        X-Amz-Apigw-Id: D-r28HvZoAMEg_A=
                                                                                                                                                                                                                        X-Amzn-Requestid: 4e464e6f-69ab-4729-81cf-86ab8c881769
                                                                                                                                                                                                                        X-Amzn-Trace-Id: Root=1-677c2692-26e9c48277cf43882ced7e7d;Sampled=1;Lineage=1:41f2c0ed:0
                                                                                                                                                                                                                        Connection: close
2025-01-06 18:53:06 UTC | 95 | IN | Data Raw: 7b 22 63 6f 64 65 22 3a 34 30 30 2c 22 6d 65 73 73 61 67 65 22 3a 22 4e 4f 20 55 50 44 41 54 45 53 22 2c 22 73 75 63 63 65 73 73 22 3a 66 61 6c 73 65 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 22 4d 6f 6e 2c 20 30 36 20 4a 61 6e 20 32 30 32 35 20 31 38 3a 35 33 3a 30 36 20 47 4d 54 22 7d
                                                                                                                                                                                                                        Data Ascii: {"code":400,"message":"NO UPDATES","success":false,"timestamp":"Mon, 06 Jan 2025 18:53:06 GMT"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.16 | 58070 | 45.33.84.9 | 443
Timestamp | Bytes transferred | Direction | Data
2025-01-06 18:53:33 UTC | 154 | OUT | POST /r HTTP/1.1
                                                                                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                        Host: can.thisilient.com
                                                                                                                                                                                                                        Content-Length: 148
                                                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                                                        Connection: Keep-Alive
2025-01-06 18:53:33 UTC | 25 | IN | HTTP/1.1 100 Continue
2025-01-06 18:53:33 UTC | 148 | OUT | Data Raw: 56 30 46 63 58 55 42 6d 57 41 55 50 41 41 31 59 56 55 5a 62 45 41 52 76 55 6b 63 55 62 68 4d 52 41 41 4a 57 48 68 42 46 42 68 5a 74 58 6c 30 4f 56 56 67 43 56 46 4a 64 56 6c 41 5a 42 67 52 56 42 42 30 48 56 41 45 48 53 31 70 54 56 67 4d 56 41 41 56 62 41 67 70 57 44 77 52 52 43 6c 55 43 52 41 52 41 52 6d 74 62 56 6c 74 51 42 77 4d 44 58 41 46 54 56 46 4a 63 41 77 46 52 41 56 4a 53 46 46 4a 50 56 6c 70 4e 43 79 73 53 41 46 35 54 55 41 3d 3d
                                                                                                                                                                                                                        Data Ascii: V0FcXUBmWAUPAA1YVUZbEARvUkcUbhMRAAJWHhBFBhZtXl0OVVgCVFJdVlAZBgRVBB0HVAEHS1pTVgMVAAVbAgpWDwRRClUCRARARmtbVltQBwMDXAFTVFJcAwFRAVJSFFJPVlpNCysSAF5TUA==
2025-01-06 18:53:33 UTC | 190 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                        Date: Mon, 06 Jan 2025 18:53:33 GMT
                                                                                                                                                                                                                        Server: Nginx
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Transfer-Encoding: chunked
2025-01-06 18:53:33 UTC | 65 | IN | Data Raw: 33 62 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 4f 6b 20 66 72 6f 6d 20 72 65 70 6f 72 74 20 70 6f 73 74 20 73 65 72 76 69 63 65 20 50 4f 53 54 22 2c 22 73 74 61 74 75 73 22 3a 32 30 30 7d 0d 0a
                                                                                                                                                                                                                        Data Ascii: 3b{"message":"Ok from report post service POST","status":200}
2025-01-06 18:53:33 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                        Start time:13:51:36
                                                                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\ZipThis.exe"
                                                                                                                                                                                                                        Imagebase:0x271f7b40000
                                                                                                                                                                                                                        File size:2'820'904 bytes
                                                                                                                                                                                                                        MD5 hash:22A6CB7348B496600E7151A8112CBAC9
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:3
                                                                                                                                                                                                                        Start time:13:51:42
                                                                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"powershell.exe" -ep RemoteSigned -File "C:\Users\user\AppData\Local\ZipThis\update_task_ad.ps1"
                                                                                                                                                                                                                        Imagebase:0x7ff7582a0000
                                                                                                                                                                                                                        File size:452'608 bytes
                                                                                                                                                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:4
                                                                                                                                                                                                                        Start time:13:51:42
                                                                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff6684c0000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:12
                                                                                                                                                                                                                        Start time:13:51:59
                                                                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.zipthisapp.com/success?u=aa4008ff-463e-4ce6-8230-e38f8a67e3cf
                                                                                                                                                                                                                        Imagebase:0x7ff7f9810000
                                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Target ID:13
                                                                                                                                                                                                                        Start time:13:52:00
                                                                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1716,i,8243052298361241562,9731876244688689168,262144 /prefetch:8
                                                                                                                                                                                                                        Imagebase:0x7ff7f9810000
                                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Target ID:14
                                                                                                                                                                                                                        Start time:13:52:04
                                                                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe"
                                                                                                                                                                                                                        Imagebase:0x23c6b400000
                                                                                                                                                                                                                        File size:512'296 bytes
                                                                                                                                                                                                                        MD5 hash:9AF46426A5C164310DDD6FB6E77D78C2
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                        • Detection: 4%, ReversingLabs
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Target ID:16
                                                                                                                                                                                                                        Start time:13:52:20
                                                                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                                                                        Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                                                                                        Imagebase:0x7ff780930000
                                                                                                                                                                                                                        File size:71'680 bytes
                                                                                                                                                                                                                        MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:18
                                                                                                                                                                                                                        Start time:13:52:36
                                                                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe"
                                                                                                                                                                                                                        Imagebase:0x21259560000
                                                                                                                                                                                                                        File size:512'296 bytes
                                                                                                                                                                                                                        MD5 hash:9AF46426A5C164310DDD6FB6E77D78C2
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Target ID:19
                                                                                                                                                                                                                        Start time:13:52:45
                                                                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\ZipThis\Updater.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\ZipThis\Updater.exe"
                                                                                                                                                                                                                        Imagebase:0x1491f380000
                                                                                                                                                                                                                        File size:20'776 bytes
                                                                                                                                                                                                                        MD5 hash:8F3972F98564FC9D1E3E5A3840A0DA85
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                        • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:22
                                                                                                                                                                                                                        Start time:13:53:03
                                                                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\ZipThis\Updater.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\ZipThis\Updater.exe"
                                                                                                                                                                                                                        Imagebase:0x25dd7910000
                                                                                                                                                                                                                        File size:20'776 bytes
                                                                                                                                                                                                                        MD5 hash:8F3972F98564FC9D1E3E5A3840A0DA85
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1528953766.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffec82c0000_ZipThis.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • Instruction ID: 3e4b73b2e7a1340188f8fc18d9f6bfe88695bfc8e6204650c16aa4cf763e0040
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d4a90d8c82b1597560b1c310f33c549c3069331a7c3ab7fe4508bb2f433a4373
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16E09221309C4E4FDBCAB72C51587BCB7D3DBE8741708425AE40EC3296CE298C428345
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1528953766.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffec82c0000_ZipThis.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 1ae3b72bad7b0a60a7a62a5633c19bf3ac67bc7f16bf35acc0d135f1cc54515a
                                                                                                                                                                                                                          • Instruction ID: 4c671ea79659cf266897f422bcaf162bf1ebcc253c03949bbe5197b8848da3ee
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1ae3b72bad7b0a60a7a62a5633c19bf3ac67bc7f16bf35acc0d135f1cc54515a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A6E0D811B0D6850FE3599528086C6712EC19FDD310B8950FEE408C72E3ED1D9D058305
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1528953766.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffec82c0000_ZipThis.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 07032b6f1910dc2b0e3b5d25b0bcd3040f21651ae7fb183f54019dccf9f3f42d
                                                                                                                                                                                                                          • Instruction ID: f2210baddd1b5e35df6d4e209a7db1ba79a58e96aabb6b27cdb06361831cb8ab
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 07032b6f1910dc2b0e3b5d25b0bcd3040f21651ae7fb183f54019dccf9f3f42d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A2E07D117086560BEB05123C30293EC2B81E784221F4100B9D446C62C1DE5D0E830382
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1528953766.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffec82c0000_ZipThis.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b7ccf84c222c1cd8ee6c68b4b3938bd8ba008a8bfed09a5fa13956aae77134bd
                                                                                                                                                                                                                          • Instruction ID: e9fa7fbedce13883e76e8e270a9ae4c15b64b9b2c346d41bff26c16c8983807b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b7ccf84c222c1cd8ee6c68b4b3938bd8ba008a8bfed09a5fa13956aae77134bd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 79D05E00B3CA2F0AF680A77C6D523B9D6C6FB88310FA444B1A41DD62CADC2CED5206C0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1528953766.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffec82c0000_ZipThis.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 2460a5e5a6d6f27b55c6602e665f71cd6b329d160ae0ecd3a5e29229aa2bb50c
                                                                                                                                                                                                                          • Instruction ID: 230e15b63073c8189cc9b882c24ad0360efd2ebd42c89eddbf68b22ed99101bd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2460a5e5a6d6f27b55c6602e665f71cd6b329d160ae0ecd3a5e29229aa2bb50c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BAD05E3281E66B76E120B23E2C959F72FD8DF4377CB1442B2F49C980E3EC09A4459199
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1528953766.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffec82c0000_ZipThis.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b727c6a685e5ce159088291e7b9e49746906f7dd3a285e07224088530c8fcd37
                                                                                                                                                                                                                          • Instruction ID: 984bdbe979ee9f81ffaa4d91c4551f4455e92aa243fc28893b79925fbe08ca63
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b727c6a685e5ce159088291e7b9e49746906f7dd3a285e07224088530c8fcd37
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8DE0EC7591854CAAEF05BF6488494EDBBB0EF54304F4005AAF949D2161EE30A7988741
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1528953766.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffec82c0000_ZipThis.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: dbf3f2835b7aca551a3ac1baf81bcb8e9b5bac11643f61fb83781e306edec242
                                                                                                                                                                                                                          • Instruction ID: a4839b9ddf5439ddf4242d4def3ec331efc71224c3e10ec5cb13c05b3d935c49
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dbf3f2835b7aca551a3ac1baf81bcb8e9b5bac11643f61fb83781e306edec242
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 82C0801150D15745D715BAE53C401E477505B03120F0D01B7D85856093C44C5AC44757

                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                          Execution Coverage:5.6%
                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                          Total number of Nodes:15
                                                                                                                                                                                                                          Total number of Limit Nodes:2
                                                                                                                                                                                                                          execution_graph 6215 7ffec82b4e88 6216 7ffec82b4e9f 6215->6216 6219 7ffec82b4260 6216->6219 6218 7ffec82b4f03 6220 7ffec82b4265 6219->6220 6221 7ffec82c7733 GetSystemInfo 6220->6221 6222 7ffec82c76a0 6220->6222 6223 7ffec82c776e 6221->6223 6222->6218 6223->6218 6224 7ffec82b8dcc 6225 7ffec82c70f0 ComputeAccessTokenFromCodeAuthzLevel 6224->6225 6227 7ffec82c719e 6225->6227 6228 7ffec82b8744 6229 7ffec82b871a 6228->6229 6230 7ffec82b875e GetFileAttributesW 6228->6230 6232 7ffec82b8806 6230->6232

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.1313899325.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_7ffec82b0000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 428ea6d18cd8f8b35b463f34453e18cd411d6bb0715fe6e729a30a4d5c5b9cb6
                                                                                                                                                                                                                          • Instruction ID: 4c78ededec897a5d63e49ba31d189f7256d693b6417533a34e66bec3b9bf5ba2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 428ea6d18cd8f8b35b463f34453e18cd411d6bb0715fe6e729a30a4d5c5b9cb6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2341053190CA4D8FE758EF6C88596F97BE0FF96324F04423AE089C31A2DB646556C785

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.1313899325.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_7ffec82b0000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AccessAuthzCodeComputeFromLevelToken
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 132034935-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.1313899325.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_7ffec82b0000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.1313899325.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_7ffec82b0000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.1318035144.00007FFEC85B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC85B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_7ffec85b0000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.1318035144.00007FFEC85B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC85B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_7ffec85b0000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.1326667553.00007FFEC8B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC8B10000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_7ffec8b10000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: H]:k$`9:k$h9:k$p9:k$x9:k
                                                                                                                                                                                                                          • API String ID: 0-596325974
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: H]:k$`9:k$p9:k$x9:k
                                                                                                                                                                                                                          • API String ID: 0-504193298
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: `$G!$[<M_^$k<M_^
                                                                                                                                                                                                                          • API String ID: 0-834242973
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: `]:k$[<M_^$k<M_^
                                                                                                                                                                                                                          • API String ID: 0-3939685241
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: SS%
                                                                                                                                                                                                                          • API String ID: 0-891173403
                                                                                                                                                                                                                          • Opcode ID: ce1370a9fe50b903c3ee13cd3fabcf7fc6cbeac2c07faf41c7ce64f44a815c07
                                                                                                                                                                                                                          • Instruction ID: 78a644b61942ae5206092ef8282a2784d648bdaa43bcc4b38e97501544097785
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce1370a9fe50b903c3ee13cd3fabcf7fc6cbeac2c07faf41c7ce64f44a815c07
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C511E53170DA494FEB9C9A3CA8A527877D3EF8A321B6402BDE00EC62D2CD299C418300
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: `;"
                                                                                                                                                                                                                          • API String ID: 0-922671299
                                                                                                                                                                                                                          • Opcode ID: f7f72038f878bbe0e22e5bd7360ec1c2e4f73fac08783a433f7acda666945da8
                                                                                                                                                                                                                          • Instruction ID: 10a71c7680aea8763b890fc51b1568ba3e0f1882f01a916bd74a5b41e902f92d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f7f72038f878bbe0e22e5bd7360ec1c2e4f73fac08783a433f7acda666945da8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5301AD64A0E7C46FE31B9B784965560BFB0DE6B24034E02DBE0C5CF1B3D5589A4AC362
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 0;:k
                                                                                                                                                                                                                          • API String ID: 0-110644069
                                                                                                                                                                                                                          • Opcode ID: 675a80b114b12083a11730b53925b1425924c267ac40cfaf11f0ef3191af9508
                                                                                                                                                                                                                          • Instruction ID: 5408d58cbf9c87bce23054413dc53711de5af3a9f0b4833e470a435339952406
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 675a80b114b12083a11730b53925b1425924c267ac40cfaf11f0ef3191af9508
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51011230E186594FDB95DB2CC854699BBF2FF5D340F1445E5E44CD7251DA349A808B01
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 8]:k
                                                                                                                                                                                                                          • API String ID: 0-2406929432
                                                                                                                                                                                                                          • Opcode ID: 98d662f40f5a7a46916e5fc834ce20b03c2ef6c0409ac9505b728ac83cedb4e7
                                                                                                                                                                                                                          • Instruction ID: 3e390c3260d2582dad2905f90e9a4d0f9707d0414247b5d716eff266ca7202ff
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 98d662f40f5a7a46916e5fc834ce20b03c2ef6c0409ac9505b728ac83cedb4e7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8E0C27690954E6FDB45DB58E8450FCBBB1EF4A360F0002F2E40CE7152EF302A468700
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: X]:k
                                                                                                                                                                                                                          • API String ID: 0-3025150747
                                                                                                                                                                                                                          • Opcode ID: da9cf5c7523e3a5268aa7de5826bb6335d68ba7757665c2fadb64b4ae465073a
                                                                                                                                                                                                                          • Instruction ID: 264336da60bf275500c18487cc9f4b89e14aeac0484f07a31d67d39231b27414
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: da9cf5c7523e3a5268aa7de5826bb6335d68ba7757665c2fadb64b4ae465073a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 41E0C235A08D8A4FE695CA2C84566F077E2FF9F38430901A5D908DB2AAD8046C418781
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: `$G!
                                                                                                                                                                                                                          • API String ID: 0-3598127039
                                                                                                                                                                                                                          • Opcode ID: f4d63fc576cf44807cabe25a30c52ca94210772de09f82cd74ecee26783b4c76
                                                                                                                                                                                                                          • Instruction ID: 7c913daf937d1a6784cfde216d4bef2795c4792fba291724e438d87df2138be5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f4d63fc576cf44807cabe25a30c52ca94210772de09f82cd74ecee26783b4c76
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2BD01224B08D5C4FDB49A62C44A85B87BE1EB5A74170901ADE84ACB283CD14AC429706
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: `;k
                                                                                                                                                                                                                          • API String ID: 0-2113378960
                                                                                                                                                                                                                          • Opcode ID: 98d3d87d7dc7755de4b3a28941ccb1651f8c464a85a6cf100f5fb20b6605898a
                                                                                                                                                                                                                          • Instruction ID: 67c5d5a250af4e7bf6225aad738a85b5c1cd3c7f19ba4bdfa4f65713af6d2350
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 98d3d87d7dc7755de4b3a28941ccb1651f8c464a85a6cf100f5fb20b6605898a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 38D0A70AA1E6CB8FD343A72C4420161AFA39F5F38075848E28089CF58BDC28A8419312
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4b702fc313c0deccf26f2d6175ab55d800c6498c906b23c2b5bca35180d8d1d1
                                                                                                                                                                                                                          • Instruction ID: 9aa45c832501ef554cabde45aa8a537749299bf6559a653da3c6a2c171810f07
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4b702fc313c0deccf26f2d6175ab55d800c6498c906b23c2b5bca35180d8d1d1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72412B3190D7894FFB569B6898196F9BFF0FF4A310F0801BBE489DB193DA246945C741
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 70401b5a171463b6d45a418ccdf95c0ea2f8b2face7b746a620d993a7162e2fa
                                                                                                                                                                                                                          • Instruction ID: c430a79d20163e2466edd1f90f8f8df2e85165c55e9d8bc3df28896967794107
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 70401b5a171463b6d45a418ccdf95c0ea2f8b2face7b746a620d993a7162e2fa
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ec86c0df4299f5fa3d373efba6fab1bb89c0419461be17c00ee04245ba47d716
                                                                                                                                                                                                                          • Instruction ID: b99a2e5793598872eb57be31dc447a29a359ff9a0d8edf0087bb620674e420fc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ec86c0df4299f5fa3d373efba6fab1bb89c0419461be17c00ee04245ba47d716
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AFF03A6194E7C50FE31797340C392697FB16F57211B1900EBD489DA1E3D91D1E09C3A7
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 62e310a464c959b5b8f9bf0022692c4ec67ec1d2b4214a939e1576765ca59de5
                                                                                                                                                                                                                          • Instruction ID: 6c90d7f1f70ba2160381f84c6b68de8da9871a2d4bfaaf812199b65b3bf9b88b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 62e310a464c959b5b8f9bf0022692c4ec67ec1d2b4214a939e1576765ca59de5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 06E06522719C0B4BDAC9B71C9089AFDB3D3EBE5351B54422AE40FC2299DF2C6D439781
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 87a1a67c3f5e2761ce8c322b1a00ea9322d234ac0e2d0ef962ca6fa345b8e9cb
                                                                                                                                                                                                                          • Instruction ID: 64e067e9ad654dc68b6de0e6da541098d99218fcdbc5253717b6643ace8bdfbc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 87a1a67c3f5e2761ce8c322b1a00ea9322d234ac0e2d0ef962ca6fa345b8e9cb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BDE0D822B1D88A1FF78C466C1E7E3B52BC5EFC9211B8851BAF80DC7296DC18ED528344
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f0b76ed1f8441ed62724350fe5baa09d98ebdf422d7a25c8cdd44f85ac9e2816
                                                                                                                                                                                                                          • Instruction ID: 36b547dd4930d9c8655d223ad0981b62a676aaf01e80a4619e8c7fd2cc2dddeb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f0b76ed1f8441ed62724350fe5baa09d98ebdf422d7a25c8cdd44f85ac9e2816
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EFF01574A0890DDFDF81EB18C485FA9BBF2FF69340F1501A6D149DB262CA34E982CB40
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d7752286b87ef54af3b60b568b68fcfd43e2da068fbd01127b39effed0424159
                                                                                                                                                                                                                          • Instruction ID: 1110d8b92af371e7930b96775f0f9dab933bfcfc4dd369f1100a7e31ac4c04f5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d7752286b87ef54af3b60b568b68fcfd43e2da068fbd01127b39effed0424159
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 80E06D25A1849A4EEB49EB6888611F8BBB2FF8F340B0401B9E448DF1A3DD182840C321
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f07c3d91c4fced6b0edc908235350cf99f3ca9841d0fe15d244489a3431073f8
                                                                                                                                                                                                                          • Instruction ID: 82af8ae7ee4214d43dfc08a1d0de17eae7340213f5d5aba470231745dd3968f0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f07c3d91c4fced6b0edc908235350cf99f3ca9841d0fe15d244489a3431073f8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E3C08055519D493F578DE23406241741690975C104744015AE489D11D2DD445F454399
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 91dc641fadc418dc1803ef3ad7d72e6719ce8805301b38cea130c089d87f2f56
                                                                                                                                                                                                                          • Instruction ID: bdab2bff6f8097e4f4909d373dc40b305e344b102d3db6df7057c16367d2f881
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 91dc641fadc418dc1803ef3ad7d72e6719ce8805301b38cea130c089d87f2f56
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B351053760A7669BD301FB3CFC925EAB790EF8333E30446B7D584C9063DD19608A9695
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 1b0b74e1521c439e90602c0874bd626fcd2b1c66d6cca0ec828607222fb24c63
                                                                                                                                                                                                                          • Instruction ID: 65953a1e34fae281d531a6edb513be6b3eb41164b58e448f2abf4fdbf08f9000
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b0b74e1521c439e90602c0874bd626fcd2b1c66d6cca0ec828607222fb24c63
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD51E33760A76A9BD305FB3CFC825FAB790EF8333A30446B7D584C9063DD19608A9695
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: ;k$(;k$0;k$8;k$@;k$H;k$P;k$X;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$p;k$x;k$;k$;k
                                                                                                                                                                                                                          • API String ID: 0-244547902
                                                                                                                                                                                                                          • Opcode ID: d9b926d076dc31249f579fa13f01fc34e3fe6d17cef4769f21fee9eb1a3a6475
                                                                                                                                                                                                                          • Instruction ID: c673885fde27986c55efd07faddf5f6ca75b214b6d319da4e1ff1c7f39fb0ea7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d9b926d076dc31249f579fa13f01fc34e3fe6d17cef4769f21fee9eb1a3a6475
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3F1EA396197C58FE74ADB3CC4605627FA2AF5F38472909E9C089CF2A7C935A982C711
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.2217176108.00007FFEC82C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_7ffec82c0000_ZipThisApp.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: ;k$(;k$0;k$8;k$@;k$H;k$P;k$X;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$h;k$p;k$x;k$;k$;k
                                                                                                                                                                                                                          • API String ID: 0-1802851991
                                                                                                                                                                                                                          • Opcode ID: 36234d9ecb1f0477f9edd479a68e8c27aef140d27eaf89f65c5d3c216d834f3d
                                                                                                                                                                                                                          • Instruction ID: 6b008237253ad41ebf45a010456e0d171f1ec522b5314923a66ef358bbfe0cf0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36234d9ecb1f0477f9edd479a68e8c27aef140d27eaf89f65c5d3c216d834f3d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FFF1EC396197C58FE74ADB3CC4605627FB2AF5F38472909E9C089CF2A7C935A982C711

                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                          Execution Coverage:2.1%
                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:33.3%
                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                          Total number of Nodes:6
                                                                                                                                                                                                                          Total number of Limit Nodes:1
                                                                                                                                                                                                                          execution_graph 29811 7ffec82b35fe 29812 7ffec82b3638 29811->29812 29815 7fff3c507770 rand_s 29812->29815 29816 7fff3c50778c 29815->29816 29817 7ffec82b3678 29815->29817 29827 7fff3c509520 6 API calls 29816->29827

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 9ff8ebd9a205de701f322c8ea941cd7ece1cbfc9ef393732e1e885ad1b41a322
                                                                                                                                                                                                                          • Instruction ID: 5d8cae244440f2a5f731be4f7963596c7ceb10ede788739125eca6bc41fa1fc1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9ff8ebd9a205de701f322c8ea941cd7ece1cbfc9ef393732e1e885ad1b41a322
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E9712430A2995E5FDB6CEE1CC8492BA73E6FB89305750417AE45BC319ACD34A912CB84

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: rand_s
                                                                                                                                                                                                                          • String ID: invalid random_device value
                                                                                                                                                                                                                          • API String ID: 863162693-3926945683
                                                                                                                                                                                                                          • Opcode ID: 01beef4781989b856bb6bfb388d7e35ba10fe6f0418fd590c60b2c945299e0ad
                                                                                                                                                                                                                          • Instruction ID: 61771d67014c81f2dfea50b50f526531ff1983b303ec5e2bfb2b765b232f7ba6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 01beef4781989b856bb6bfb388d7e35ba10fe6f0418fd590c60b2c945299e0ad
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53511522D18E9689F3D39F3488511BA63E0BF26BC4F164732E55E765A1DF2CF492E200

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: SM_^
                                                                                                                                                                                                                          • API String ID: 0-3193930420
                                                                                                                                                                                                                          • Opcode ID: 06fe657a1f7da7e034fa2cd2571bc6b16021f741e5a010336438fb0c70d08d0a
                                                                                                                                                                                                                          • Instruction ID: bf304a80baa7e532a1f701111610f834d543f62271f93d9640a8d92560e44c15
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 06fe657a1f7da7e034fa2cd2571bc6b16021f741e5a010336438fb0c70d08d0a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EA41143190EA868FE39A9B34441A9B97BD1FF85321B0801BEE45ACB1B2CD2D5D46C741

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: SM_^
                                                                                                                                                                                                                          • API String ID: 0-3193930420
                                                                                                                                                                                                                          • Opcode ID: 4d033184ef547ba537e3e863f376244187de9aaa05d0f23ebce07e59c3de1255
                                                                                                                                                                                                                          • Instruction ID: 14a74a87d65de4ed0390e632c245ffa1b244af8210fd1548afe4c6a2a4b9b7e1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d033184ef547ba537e3e863f376244187de9aaa05d0f23ebce07e59c3de1255
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1BF0BB3180EA174ED768E9149545CF973D4DFC4351F14073AE44BC21A1DD18AE49C2D1

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e2731297c9f9270bf251d474935dd3e5f80ec9a5af78a544d95def558fcc6a8b
                                                                                                                                                                                                                          • Instruction ID: 5b212952558654dd9ed82da3eb2c65c129b2391c028e067c61a7efe3a6e472a1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e2731297c9f9270bf251d474935dd3e5f80ec9a5af78a544d95def558fcc6a8b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DAC1E23080E7C65FE31B8B748895AA17FA4AF03264B1D02EAD4D5CB1F3DA5C645AC762

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd









                                                                                                                                                                                                                          Control-flow Graph

Memory Dump Source
• Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
Memory Dump Source
• Source File: 00000013.00000002.1923144742.00007FFEC83C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC83C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7ffec83c0000_Updater.jbxd
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: bb69f27cca33edac8396f39b825d29eb25e8e4610ce16cc9055ccf7f31d79a24
                                                                                                                                                                                                                          • Instruction ID: de8708f503f1c29187a27b193584ed28c28ddb2b953ea0f2128b34227763d43c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bb69f27cca33edac8396f39b825d29eb25e8e4610ce16cc9055ccf7f31d79a24
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4221B67190CB488FDB25DF98D88AAEABBF0EF56320F04426FD04983112D774A405CB92
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 5ce26d33eec583669616c6b4cc06244d6e2dd2d35acf1fa974e20fc2571320cc
                                                                                                                                                                                                                          • Instruction ID: c0f0b5802683b4c778a99776449bea7df2fa0358b9abafd0105d9983e2e7bc41
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ce26d33eec583669616c6b4cc06244d6e2dd2d35acf1fa974e20fc2571320cc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AA21C671A0CA0C8FDB58DF5CD84A7EA7BE0EB99321F10822BD449C3115DA709456CB91
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 27b686155f99546b2b56534a4d7fab4e8eadabbf1babca5853856918d0d337ca
                                                                                                                                                                                                                          • Instruction ID: 1e6d1e41eb913709e4b294115a3d4c5c359a3b9b225f0a953aea121f30537ce2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 27b686155f99546b2b56534a4d7fab4e8eadabbf1babca5853856918d0d337ca
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F921997190CB088FDB14DF99D88AAFABBF4EB59321F00412ED04A93112D7707405CB96
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e9d3861f5821809d0e27a3eca321543018e32b473ed9a86f1bb3370a9bae1679
                                                                                                                                                                                                                          • Instruction ID: 6eb421537c99e9280a0a54e111aa8660d01b13acb7558e292581893651662343
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e9d3861f5821809d0e27a3eca321543018e32b473ed9a86f1bb3370a9bae1679
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F4216030A18A0E8FEB5CDF58D085BFD77E1FF99310F544225E00AC7195DA75A582CB84
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f912406076bef7f59d3a91e3c0721a0d5422ee93a10153f9806af7b13eb6f47f
                                                                                                                                                                                                                          • Instruction ID: 188deca25c7a3f9761dbf158712d7d77aa21a0b6456f9acd73d6f1066f40219d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f912406076bef7f59d3a91e3c0721a0d5422ee93a10153f9806af7b13eb6f47f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5F21957090AB899FE79AEF74441A5AA7AE1FF46321B0404BFD40AD72B1DE3D4D46CB40
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 90774edfb10d153fd55268776b3102e99d967ddc88309e2339f88d346665aa1c
                                                                                                                                                                                                                          • Instruction ID: f53fa7b85fef89fd9b94aecaf3c2f708337606944caa4c22224932a478227982
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 90774edfb10d153fd55268776b3102e99d967ddc88309e2339f88d346665aa1c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7321937190CB088FDB24DF99D88AAFABBF4EB59321F10422ED04A83112D7707406CB92
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: fd174bfb676a1978086c07d4ebb6051773fad2da09ead0b3e41c46d8061e381f
                                                                                                                                                                                                                          • Instruction ID: 0ad024a91d88a09b6ffd2970980d84fdb06ff336bbd04cce640c30c7a9742f1c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fd174bfb676a1978086c07d4ebb6051773fad2da09ead0b3e41c46d8061e381f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2A21531055EBC55FE34793B4092A2E66FE5AF86220B4940FAC489CF1A7EC1C4C4BC362
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 259491779bbd77c1840b312d3a9454241e6aa922b5406ecb98a3218f12b1509c
                                                                                                                                                                                                                          • Instruction ID: 9ee34ff4bbcf5287fb43b25458c10e3f7702917245517bd0e9bb0a52317cdec9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 259491779bbd77c1840b312d3a9454241e6aa922b5406ecb98a3218f12b1509c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F21727190CB0C8FDB24DF99D88AAEABBF0EB59321F10422FD14A83512D770B455CB92
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0c5466f308afe68686aa796a65c4dff4ce1629dbefb2c71b45be002bb9f7b152
                                                                                                                                                                                                                          • Instruction ID: e73bf653ff83b337aa17e48883df801a7462f8d1c65b83ef518dbb5a355e56c2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c5466f308afe68686aa796a65c4dff4ce1629dbefb2c71b45be002bb9f7b152
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC11C231718E1D4FCB64EE1CA849AFABBE4FBA8315F10067BE00AD3251DA21E905C7C1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 417fa6e63abf8d41e9ead9326e14b0fd0ba0845f809e0747588c30a463ae21ef
                                                                                                                                                                                                                          • Instruction ID: 5785f5a34946d2272370b2aee485ede7736f4e41bf1b121cf6acdb91265c51a5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 417fa6e63abf8d41e9ead9326e14b0fd0ba0845f809e0747588c30a463ae21ef
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD21A134D0E5A84FDB6AEA20CC495E9B774EF92310F5502EDC44F970A2EE346749CB86
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 96a7c31912485ff7dfae7ff20a159c37d95a3abe3259423e73684d2fe6603a8f
                                                                                                                                                                                                                          • Instruction ID: 4d1a43841c363ec1165427370dd250e6cea984a69c7637b93a2608d7a5fb499e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 96a7c31912485ff7dfae7ff20a159c37d95a3abe3259423e73684d2fe6603a8f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C511D53181E9594EE71AEA2099591F9B3E0FF86310F9111BAE04FD30E3EE283E45C644
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 856ebe9b19ba678cb7b4391f5f0444d0a378e5a5cb7747efc95e06e71b260fe3
                                                                                                                                                                                                                          • Instruction ID: 3b73b9827fefca07c41e10282a90b747ea139f286a8667962d8d82910c8490ab
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 856ebe9b19ba678cb7b4391f5f0444d0a378e5a5cb7747efc95e06e71b260fe3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9911937190CB088FDB15DF9CE4856A9BBF0EB58321F10426FD14983612D774A545CF86
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: fe1ea20de89b7a86c13428acce480e976c9da4451281b527ab7c86dbc9c59838
                                                                                                                                                                                                                          • Instruction ID: 3510bfd627512acf464b9167206750f8a343a724ddc57653ee49fad7959f59db
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe1ea20de89b7a86c13428acce480e976c9da4451281b527ab7c86dbc9c59838
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED11EC6064C7C41FE386E73854191E67BD1FF99210F4441EBD488CB297DE1C4E428342
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: be5f573c8d12e9873c73286531a1257441c1992d7c0e0014d25699f4707710de
                                                                                                                                                                                                                          • Instruction ID: 2b5a310eab05a25350106e0efbd97536661f36ba6622efd3733659366647b3ad
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: be5f573c8d12e9873c73286531a1257441c1992d7c0e0014d25699f4707710de
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2811A53235D64A4FE3499B68A8161F9B7D0EB86330B1401BFD886C6192E91A5842C786
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 757cc2119a1284ceb308de53f39c0e23e333aeca0bee1faddb2ea625e9cb0fb6
                                                                                                                                                                                                                          • Instruction ID: 7602acd19d83913553a2ec0d189e8129e1c7aeb5e26ff2dc7d1a06976c5cda16
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 757cc2119a1284ceb308de53f39c0e23e333aeca0bee1faddb2ea625e9cb0fb6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F11903190C6198FDB69DF18D8847E973A0FB45320F0041BAD45EC7156DB74AA94CB50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f309e80e14e1cd09cee5f2765aeb0fb630b151c58ec2d12c626afd5f115e0436
                                                                                                                                                                                                                          • Instruction ID: 2865a44fc3572cf01dc186663d8d103542f8f3bd4a9f5d47eb2ec3db5f4027ff
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f309e80e14e1cd09cee5f2765aeb0fb630b151c58ec2d12c626afd5f115e0436
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED11D235A0DA8E9FCF45EF6898056E97BB4FB55311B0041A7E04EC3291D638D950CB89
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 7676e9228cd9e7e105eec10a4a1fe2fd5fd5e21c7705d096ed828ef81927cbd6
                                                                                                                                                                                                                          • Instruction ID: 06e77369dead3f317ddca69cd489f5436ce74b174895fe133e6fc4221e51e4f5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7676e9228cd9e7e105eec10a4a1fe2fd5fd5e21c7705d096ed828ef81927cbd6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 24014E7164ED4D1FDB47BA7824181FE7BE0EBD5320F4001BBE28DC3192DD185A958385
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0e1b0e316c1d38ae7525c3086f867060eb750695f23d3386b1f635851db0bc21
                                                                                                                                                                                                                          • Instruction ID: 13c5b1fc2dc65260e7489cef422a019765997348f9a6c0511d5bf66dc42b25cd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e1b0e316c1d38ae7525c3086f867060eb750695f23d3386b1f635851db0bc21
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11011A31A5CA0D8FDB1CDF4CE486AE9B7E0FB99320F544269E10983551DA35A483CBC4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 38b64cc51e7ec4582ac5fb7416f502a6bfbf32387aec132e0d97c8ac4eb45e4d
                                                                                                                                                                                                                          • Instruction ID: c0254d8ee28905cd852faa97d2b10c6983aa02a727d38c682f3f426c5394e108
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 38b64cc51e7ec4582ac5fb7416f502a6bfbf32387aec132e0d97c8ac4eb45e4d
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 5dac17f0c341b16ac98040b4eb70329de298fbbeb28679b901c5c5d6942c90d2
                                                                                                                                                                                                                          • Instruction ID: b68d388fb9a8eeeff4dd312756c032aa480d6bc257fe34a292a25a9ef81f9f36
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5dac17f0c341b16ac98040b4eb70329de298fbbeb28679b901c5c5d6942c90d2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72E09276C0A64CEAEB0ABF10A9554FDBB38FF50304F9002A6F15B420A2EF716758C681
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a43ac2cbf720c210876f0c87a8ab31d0c322363b0ed5856723b429132cbdf8c5
                                                                                                                                                                                                                          • Instruction ID: 3c09d3f67338974d5c45d011a2b0f56573c782a3924da7379cd1e33312f43251
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a43ac2cbf720c210876f0c87a8ab31d0c322363b0ed5856723b429132cbdf8c5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 89E01221915D6D5ADB55FA14C8597F972A5FBA4300F1001B5A40FD3166ED34AF808B80
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 7f9e77eb8561e3516f24fdbef6a854d11b2a532dcd317d664b00c447a49a2b3f
                                                                                                                                                                                                                          • Instruction ID: 12dd3da34ccd8b00127a95201e9b05b7e0821a81b4b36560e9af2417e7768dce
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7f9e77eb8561e3516f24fdbef6a854d11b2a532dcd317d664b00c447a49a2b3f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99D0C221C0AE2B05EA1DBAD858AD0B49388EFC4310741083BE86FC2150CC0C6A82C158
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4e07289f0ed00ea84c9fa96a45043c8ee077fa73fc89424abcde6db2c4136a82
                                                                                                                                                                                                                          • Instruction ID: 15a96dc660bc16467d587932c6d744d325b55ca44f289eb5b5c6aa78d434d51f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e07289f0ed00ea84c9fa96a45043c8ee077fa73fc89424abcde6db2c4136a82
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 49E0863295954F5FEB549AA8DD095FD73E4FF81220B1006A6E41E87492EE691A118640
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a67adf7809c10ae2d3cc1fd4240571acc39e18fb380800d0e5db46ac772383a6
                                                                                                                                                                                                                          • Instruction ID: f5d4af0b5e0f94ed590c3b822225a1c400a753aa28edcfdc7239de5ee6786f82
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a67adf7809c10ae2d3cc1fd4240571acc39e18fb380800d0e5db46ac772383a6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EBE08662D0FBD50FD36A9768186A2E87FA09F96621B4E01EBD044CF5E3E94D9C85C342
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 1c4c6402151a13097ef15ad6e72d4b48dde9aedf788ae39e5f1f7be58e13f4d0
                                                                                                                                                                                                                          • Instruction ID: c268377c4d88aadad6b2f4d648f1fb0d19a9936f07b0b82b6577e74ce55261b6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c4c6402151a13097ef15ad6e72d4b48dde9aedf788ae39e5f1f7be58e13f4d0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6AD01721A4680E8FDA48FE58A9521FEB356EF89310F810031F51EC31D2CD256D20C744
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 31bce2d5ccdab1ffc90c42c05898e80019d2539f73af8ac8ffff5a9b28d9e87f
                                                                                                                                                                                                                          • Instruction ID: 271a0f4820cc8825429904b5afb745328f233a847ae847033ec474e05bd4a965
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 31bce2d5ccdab1ffc90c42c05898e80019d2539f73af8ac8ffff5a9b28d9e87f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4BC08C7360C20C8CFB0C664DB8031F8B790E782239F00417BE28B42813E64730378AC9
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ec92b0fc688353cfc108aa10026c2d61caf4ebbcc7ad707d9d9c44393385703d
                                                                                                                                                                                                                          • Instruction ID: be83b3cf4932f535ca7e2fac66c50f79efdd4a6ceec0203dd50fc0cea11cddef
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ec92b0fc688353cfc108aa10026c2d61caf4ebbcc7ad707d9d9c44393385703d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 10D02222C47A2212A25929BC220A1B23288CFC1332B1A1331F83A4B0F18C0C1D8380E8
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a55d1ff093af279e5fe695cfc53f2f113fe9347320f6c6cfd64ef57184ef0c29
                                                                                                                                                                                                                          • Instruction ID: cf085def56d9e172680d479fca51e337152d540dd26bbfb1e37ac7fb595268c7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a55d1ff093af279e5fe695cfc53f2f113fe9347320f6c6cfd64ef57184ef0c29
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3D0A75088B747AFE30E77A024161E6F6D0BF02230B5505FED446471E3DD4D09C1C241
Memory Dump Source
• Source File: 00000013.00000002.1921787932.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7ffec82b0000_Updater.jbxd
APIs
Strings
Memory Dump Source
• Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
Similarity
• API ID: memchr$isdigit$localeconv
• String ID: 0$0123456789abcdefABCDEF
• API String ID: 1981154758-1185640306
APIs
Strings
Similarity
• API ID: isdigit$localeconv
• String ID: 0$0
• API String ID: 3674116420-203156872
APIs
Strings
Similarity
• API ID: iswdigit$btowclocaleconv
• String ID: 0
• API String ID: 240710166-4108050209
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1913723028.000001491F701000.00000020.00000001.01000000.00000015.sdmp, Offset: 000001491F700000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1913682810.000001491F700000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1913865226.000001491F70A000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1914071467.000001491F719000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1914157056.000001491F71A000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_1491f700000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 313767242-0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: iswdigit$localeconv
                                                                                                                                                                                                                          • String ID: 0$0$0$0123456789abcdefABCDEF
                                                                                                                                                                                                                          • API String ID: 2634821343-4215698122
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Find$CloseFileFirst_invalid_parameter_noinfo_noreturnwcscpy_s
                                                                                                                                                                                                                          • String ID: .$.
                                                                                                                                                                                                                          • API String ID: 1484651601-3769392785
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1913723028.000001491F701000.00000020.00000001.01000000.00000015.sdmp, Offset: 000001491F700000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1913682810.000001491F700000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1913865226.000001491F70A000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1914071467.000001491F719000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1914157056.000001491F71A000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_1491f700000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FormatInfoLocaleMessage
                                                                                                                                                                                                                          • String ID: !x-sys-default-locale
                                                                                                                                                                                                                          • API String ID: 4235545615-2729719199
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DiskFreeSpace_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2170103895-0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InfoLocale___lc_locale_name_func
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3366915261-0
                                                                                                                                                                                                                          • Opcode ID: 36070760c2a1bd6d8ebcc2fcb2fece1e23610b0ed56ea6f9fbc3a67b73d02466
                                                                                                                                                                                                                          • Instruction ID: a4f04be7db47d2d6903e26402be80972ecae92f9e41c610b2e49c14449880b38
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36070760c2a1bd6d8ebcc2fcb2fece1e23610b0ed56ea6f9fbc3a67b73d02466
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B6F03932E2C582C2F3A86F28D8A973C23E0FB55709F820136E50F466A4DEACE544E741
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Name::operator+
                                                                                                                                                                                                                          • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
                                                                                                                                                                                                                          • API String ID: 2943138195-1482988683
                                                                                                                                                                                                                          • Opcode ID: 42bd956a0521df0bb215b1c300124c972e1b6c0f845a56a9a1a0b204cefc3c34
                                                                                                                                                                                                                          • Instruction ID: 4cdd8c704fa753b4ab56e10bf86bcf5b038383882e47b6cbe50738f74c549c74
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 42bd956a0521df0bb215b1c300124c972e1b6c0f845a56a9a1a0b204cefc3c34
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E026FB2E5869A88FB189BE9D8941FC27F0BB45344F585135CA4D16AA8FF3CF644E340
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Name::operator+$Replicator::operator[]
                                                                                                                                                                                                                          • String ID: `anonymous namespace'
                                                                                                                                                                                                                          • API String ID: 3863519203-3062148218
                                                                                                                                                                                                                          • Opcode ID: 7b7e9226b92562ce1af46590ad6a9382ebbecfc6adce6f9c26686976aa1ce793
                                                                                                                                                                                                                          • Instruction ID: 9051a3db245b109fcf4e8a7362096356f673dc29b9be66dcea0aceed49253de1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b7e9226b92562ce1af46590ad6a9382ebbecfc6adce6f9c26686976aa1ce793
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F8E15872A08BCA99EB10DFA4E8801ED77E0FB45784F804136EA8D17B95EF38E555D740
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: NameName::$Name::operator+atolswprintf_s
                                                                                                                                                                                                                          • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr
                                                                                                                                                                                                                          • API String ID: 2331677841-2441609178
                                                                                                                                                                                                                          • Opcode ID: 67fbf97d81b02749f9509a8c4f2694abdb9786e9786639b69dd16a9e3b2c746f
                                                                                                                                                                                                                          • Instruction ID: cbd96844851e80a71e48f18f3868e0c0b0a581e074ea6c81df3163784f5038ff
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 67fbf97d81b02749f9509a8c4f2694abdb9786e9786639b69dd16a9e3b2c746f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6DF19D32E1869A84FB249BF4D9941FC27E1AF19784F940136DE0D26B95FF3CB545A380
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Name::operator+
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2943138195-0
                                                                                                                                                                                                                          • Opcode ID: 214de0f7f58aac0764383bd34bc169b25bbdf3ac85b5305c3b37a2798d5e2b6f
                                                                                                                                                                                                                          • Instruction ID: 19440345dce61ac61f27b694a6fe4229f3e7dedf71075b3ed381ab13fdbb1ceb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 214de0f7f58aac0764383bd34bc169b25bbdf3ac85b5305c3b37a2798d5e2b6f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2AF16976A08A8A9EE711DFA4E4951FC37F0EB0474CB444036EA4D57B99EE38E519E380
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$__strncntfreemalloc$CompareInfoString
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3420081407-0
                                                                                                                                                                                                                          • Opcode ID: 3a85b2404574188ae32d9f64e8b354bffe683efe23454bfe8da5b5ca5b410ce0
                                                                                                                                                                                                                          • Instruction ID: 529264b61f249a700647cc5aaec41b16b346628ce155f95fa5a1829e42ec4da1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3a85b2404574188ae32d9f64e8b354bffe683efe23454bfe8da5b5ca5b410ce0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 79A1C122B0878246EB70AF25C49837A66D1EF44BA8F864631DE5D067C6DF7CFC45A320
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: BlockFrameHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                                                                          • API String ID: 4223619315-393685449
                                                                                                                                                                                                                          • Opcode ID: 136ccb217c6342170b2e40de9bcc27d78e98e413111f3fdb98d74605d14dd66b
                                                                                                                                                                                                                          • Instruction ID: 836e80da77a1603829fceefb7254f2564bf1cdd31f12038702c16c300cc784ef
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 136ccb217c6342170b2e40de9bcc27d78e98e413111f3fdb98d74605d14dd66b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7DD19172E087898AEB209FA5D4802AD77E4FB45B98F50013AEE8D57B55EF38F191D700
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Replicator::operator[]
                                                                                                                                                                                                                          • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                                                                                                                                                                                                          • API String ID: 3676697650-3207858774
                                                                                                                                                                                                                          • Opcode ID: d6d96e58e56aecf7a62acf838a8154a9c3b739b48ea3dca409ea4180aa86bfee
                                                                                                                                                                                                                          • Instruction ID: 203aba4aa3b9386d2acabaf501ba6bd2c767de4e683d204b6b17db342afd9a99
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6d96e58e56aecf7a62acf838a8154a9c3b739b48ea3dca409ea4180aa86bfee
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F919D32A18A8A99FB20CFA1D4902FC77E1AB58758F844136EA4D07795EF3CF545E390
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509920
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509928
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509931
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C50994D
                                                                                                                                                                                                                          • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFF3C4EE90E), ref: 00007FFF3C4E6E53
                                                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFF3C4EE90E), ref: 00007FFF3C4E6E73
                                                                                                                                                                                                                          • _Maklocstr.LIBCPMT ref: 00007FFF3C4E6E8D
                                                                                                                                                                                                                          • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFF3C4EE90E), ref: 00007FFF3C4E6E96
                                                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFF3C4EE90E), ref: 00007FFF3C4E6EB6
                                                                                                                                                                                                                          • _Maklocstr.LIBCPMT ref: 00007FFF3C4E6ED0
                                                                                                                                                                                                                          • _Maklocstr.LIBCPMT ref: 00007FFF3C4E6EE5
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4EF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFF3C4E17E4,?,?,?,00007FFF3C4D454B,?,?,?,00007FFF3C4D5C41), ref: 00007FFF3C4D4F12
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4EF0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFF3C4E17E4,?,?,?,00007FFF3C4D454B,?,?,?,00007FFF3C4D5C41), ref: 00007FFF3C4D4F38
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4EF0: memcpy.VCRUNTIME140(?,?,?,00007FFF3C4E17E4,?,?,?,00007FFF3C4D454B,?,?,?,00007FFF3C4D5C41), ref: 00007FFF3C4D4F50
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFF3C4E6E7D
                                                                                                                                                                                                                          • :AM:am:PM:pm, xrefs: 00007FFF3C4E6EDE
                                                                                                                                                                                                                          • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFF3C4E6EC0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Maklocstrfree$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemcpy
                                                                                                                                                                                                                          • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                                                          • API String ID: 2460671452-35662545
                                                                                                                                                                                                                          • Opcode ID: e605f10ed45052a7da8f4d8a6087127061f4544bf6b44d6e1e42e8552ad41aca
                                                                                                                                                                                                                          • Instruction ID: 9734a61ad5ccbfc9569a161dafdae2c0a12078d783b31ab7f2a69fde54944cc9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e605f10ed45052a7da8f4d8a6087127061f4544bf6b44d6e1e42e8552ad41aca
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B2316522A08B8686EB00DF32E8402A977E1FB98F94F4A8235DA4D43756DF3CE181D340
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ByteCharMultiStringWide$freemalloc$__strncnt
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1733283546-0
                                                                                                                                                                                                                          • Opcode ID: 8d1454e74cf2446912ff0ec3563468defa227705ba58393810ede2454d5cb089
                                                                                                                                                                                                                          • Instruction ID: c7599090d9fa3b1674afafbe011006ddc23f6838a53f2e1080e889065af4be70
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d1454e74cf2446912ff0ec3563468defa227705ba58393810ede2454d5cb089
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2481B132A0974286EB709F21E48437AA3E1FF84BA8F050235EA5E57BD5DF3CE8459310
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Name::operator+
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2943138195-0
                                                                                                                                                                                                                          • Opcode ID: 7b5661194ffe89ce305229f5119f63caed1cb30a475ffb1c0b7852583c735bf0
                                                                                                                                                                                                                          • Instruction ID: ddf2edf6bf2bf882926e5737ee04f407d09205980c80c4e0b6df4ef649cf0037
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b5661194ffe89ce305229f5119f63caed1cb30a475ffb1c0b7852583c735bf0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB714A72B05A8A99EB10DFA4D4811FC33F1AB4478CB844432DE4D67A99EF38E619D390
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                                                                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                          • API String ID: 2003779279-1866435925
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
• Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Name::operator+
                                                                                                                                                                                                                          • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                                                                                                                                                                                          • API String ID: 2943138195-1464470183
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Xp_setw$Xp_setn$Xp_addx$isspaceisxdigit
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2501290797-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Xp_setw$Xp_setn$Xp_addx$iswspaceiswxdigit
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3781602613-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925517035.00007FFF414B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFF414B0000, based on PE: true
• Associated: 00000013.00000002.1925479901.00007FFF414B0000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000013.00000002.1925578965.00007FFF414B5000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000013.00000002.1925637149.00007FFF414B8000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000013.00000002.1925675416.00007FFF414B9000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff414b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: abort$AdjustPointermemmove
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 338301193-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
• Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                                                                          • API String ID: 211107550-393685449
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925517035.00007FFF414B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFF414B0000, based on PE: true
• Associated: 00000013.00000002.1925479901.00007FFF414B0000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000013.00000002.1925578965.00007FFF414B5000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000013.00000002.1925637149.00007FFF414B8000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000013.00000002.1925675416.00007FFF414B9000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff414b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                                                                          • API String ID: 211107550-393685449
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FFF3C4E005B), ref: 00007FFF3C50892D
                                                                                                                                                                                                                          • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FFF3C4E005B), ref: 00007FFF3C5089CB
                                                                                                                                                                                                                          • memchr.VCRUNTIME140(?,?,?,?,?,?,00007FFF3C4E005B), ref: 00007FFF3C5089DD
                                                                                                                                                                                                                          • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FFF3C4E005B), ref: 00007FFF3C508A18
                                                                                                                                                                                                                          • memchr.VCRUNTIME140(?,?,?,?,?,?,00007FFF3C4E005B), ref: 00007FFF3C508A26
                                                                                                                                                                                                                          • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00007FFF3C4E005B), ref: 00007FFF3C508AA6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memchrtolower$_errnoisspace
                                                                                                                                                                                                                          • String ID: 0$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                                                          • API String ID: 3508154992-2692187688
                                                                                                                                                                                                                          • Opcode ID: c4eb95e7717bfe049bc9e30e3fb653c2c0825339a0103deeba7df756b235c598
                                                                                                                                                                                                                          • Instruction ID: 7ea5129ec33894e4120cc30228ae2598c49bdbdaaf85dd84ef8ff5dc833f25c8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c4eb95e7717bfe049bc9e30e3fb653c2c0825339a0103deeba7df756b235c598
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EB51F813E0CBE645EBE19F249811B7967D0AB45FA0F4E5430CDAD86785DF3CE846A701
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Name::operator+
                                                                                                                                                                                                                          • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                                                                                                                                                                          • API String ID: 2943138195-2239912363
                                                                                                                                                                                                                          • Opcode ID: 39f267e24cea2a085efea57700c8f0511391629eccd065b63ffe6c0b5b6c4cba
                                                                                                                                                                                                                          • Instruction ID: 18fa456279acb300ad2253869a9a374d2df8df57a306ce31b7ed1ca6a88ca35c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 39f267e24cea2a085efea57700c8f0511391629eccd065b63ffe6c0b5b6c4cba
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AB513B62E18B9A9DFB158BA0D8412BD37F0BB18748F448135EA8D12B99EF3DB144E750
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionThrow$std::ios_base::failure::failure
                                                                                                                                                                                                                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                          • API String ID: 1099746521-1866435925
                                                                                                                                                                                                                          • Opcode ID: 3f90ff220a0d5ba7b9ed87cdd8d76cee1756ef03fcb66314c37f7537eac797d0
                                                                                                                                                                                                                          • Instruction ID: c889714be8845f804849efaa40aabf70cca1075446bf5cf89b2cb3048b8d9d22
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3f90ff220a0d5ba7b9ed87cdd8d76cee1756ef03fcb66314c37f7537eac797d0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0210661A1850A95FB94FB10FCCA3F923E1AF60B88FD94831D50D025A3EF2DE185E390
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                          • String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                                                                                                                          • API String ID: 667068680-1247241052
                                                                                                                                                                                                                          • Opcode ID: adf4213de8606483d3efac82db9710855be8762a76baa7a997fdbecebdc71b0d
                                                                                                                                                                                                                          • Instruction ID: b521d39eb8d0c2b98be8b28bede1793c0582d54a76b9fcef93a246964abf6fdc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: adf4213de8606483d3efac82db9710855be8762a76baa7a997fdbecebdc71b0d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5BF07F64A0AB4381EA84AB61BC5447473E4BF48F92BD48035C81F47320EF3CA199E390
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                                                                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                          • API String ID: 2003779279-1866435925
                                                                                                                                                                                                                          • Opcode ID: d32f189367028e5cdde9405d25fc529d58a856820c390070d5beeb915c714ccc
                                                                                                                                                                                                                          • Instruction ID: 05c21d8c87c07c0a55e8cb90ef4f4f1d205ade18254600bd2921b315a8e1528a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d32f189367028e5cdde9405d25fc529d58a856820c390070d5beeb915c714ccc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5461BE23608A4685EFA4CF15D8953B927E0FF90F88F968436CA0E477A9CF2CE446D340
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionThrowfputwcfwritestd::ios_base::failure::failure
                                                                                                                                                                                                                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                          • API String ID: 1428583292-1866435925
                                                                                                                                                                                                                          • Opcode ID: d54f6f366594eb575b8d412551bf48bd0f96431c82c584339437ebc46d035372
                                                                                                                                                                                                                          • Instruction ID: ea21253c1fa482808b01b39081639e343e63679deca4698a3721f93b505e7cb1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d54f6f366594eb575b8d412551bf48bd0f96431c82c584339437ebc46d035372
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 01618B72608A8699EB51CF35E4802B933E0FB54F8CF865032EA4D47BA5EF39E595D340
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileHeader$ExceptionFindInstanceRaiseTargetType
                                                                                                                                                                                                                          • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                                                                                                                                                                                                                          • API String ID: 1852475696-928371585
                                                                                                                                                                                                                          • Opcode ID: 4ef8ad2c729168d00ef0645f383a1968f42c4eb1f6a8b3717fe5ffb80b324514
                                                                                                                                                                                                                          • Instruction ID: 4f42d4834f6cc0a33d5f1c5619a693dd2fc3e6e658b2dbc5b1c48503afaffb13
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4ef8ad2c729168d00ef0645f383a1968f42c4eb1f6a8b3717fe5ffb80b324514
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F1516B62A19A8A92EB30DBA5E8916BD63E1FB44B84F404432DA4D43765FF3CF605E740
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • std::ios_base::failure::failure.LIBCPMT ref: 00007FFF3C518B03
                                                                                                                                                                                                                          • _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFF3C50AB84), ref: 00007FFF3C518B14
                                                                                                                                                                                                                          • std::ios_base::failure::failure.LIBCPMT ref: 00007FFF3C518B57
                                                                                                                                                                                                                          • _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFF3C50AB84), ref: 00007FFF3C518B68
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                                                                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                          • API String ID: 2003779279-1866435925
                                                                                                                                                                                                                          • Opcode ID: 495d6bd3cdc3f56359a1158ef11b9f6cc3e083b47c91db06cb9b62f7985930ad
                                                                                                                                                                                                                          • Instruction ID: 4e5973b91d40d7786d6b025a4e91fe9d06312625cd2ac85010e717687e68bbdc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 495d6bd3cdc3f56359a1158ef11b9f6cc3e083b47c91db06cb9b62f7985930ad
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0161B023A08A4586EFA4DF19D4943B937E0FB80F94F868436DA4E477A9CF2CE446D300
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memchrtolower$_errnoisspace
                                                                                                                                                                                                                          • String ID: 0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                                                          • API String ID: 3508154992-4256519037
                                                                                                                                                                                                                          • Opcode ID: d857bbab0a05a34ef21721403163653e57d835ca7b8e7b3a215c1e954870a4b5
                                                                                                                                                                                                                          • Instruction ID: e84ed209e2194abf20c9f652a9bbc06190a04ce805562bdb64ed136e428716ae
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d857bbab0a05a34ef21721403163653e57d835ca7b8e7b3a215c1e954870a4b5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1510527E0C6A686E7A18E25A810B797BD0BF85F95F494434CD9DC2799DF3CE842A700
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                                                                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                          • API String ID: 2003779279-1866435925
                                                                                                                                                                                                                          • Opcode ID: e0c8c7c3db13bda117808125c9f4d8b899fe4ac307ba0d60ac1330275e193daf
                                                                                                                                                                                                                          • Instruction ID: 2ef1af42516a55e670621d5955f09297b0d66aa8080a72385f5077360d620d8c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e0c8c7c3db13bda117808125c9f4d8b899fe4ac307ba0d60ac1330275e193daf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7851AA22A18A4981EB50EF19D8C46B973E0FF84F98FA58532DA4D436B6DF3CE445E740
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FFF3D7271A3,?,?,00000000,00007FFF3D726FD4,?,?,?,?,00007FFF3D726D11), ref: 00007FFF3D727069
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FFF3D7271A3,?,?,00000000,00007FFF3D726FD4,?,?,?,?,00007FFF3D726D11), ref: 00007FFF3D727077
                                                                                                                                                                                                                          • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFF3D7271A3,?,?,00000000,00007FFF3D726FD4,?,?,?,?,00007FFF3D726D11), ref: 00007FFF3D727090
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FFF3D7271A3,?,?,00000000,00007FFF3D726FD4,?,?,?,?,00007FFF3D726D11), ref: 00007FFF3D7270A2
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FFF3D7271A3,?,?,00000000,00007FFF3D726FD4,?,?,?,?,00007FFF3D726D11), ref: 00007FFF3D727110
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FFF3D7271A3,?,?,00000000,00007FFF3D726FD4,?,?,?,?,00007FFF3D726D11), ref: 00007FFF3D72711C
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                                                          • API String ID: 916704608-2084034818
                                                                                                                                                                                                                          • Opcode ID: 76e9ed00015fa7378e2762435fe1c6674923b12dca3248f544122840abba5d3b
                                                                                                                                                                                                                          • Instruction ID: 27e450bf2040e5529b5de8508f4cc4a5774f1f451747b4a9b3ca0e73814c6413
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76e9ed00015fa7378e2762435fe1c6674923b12dca3248f544122840abba5d3b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF317E21B1AA8A91EF319B829940ABD63E4FF44BA0F9D4535DD1D0B390FE3CF548A311
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FFF414B379F,?,?,00000000,00007FFF414B35D0,?,?,?,?,00007FFF414B334D), ref: 00007FFF414B3665
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FFF414B379F,?,?,00000000,00007FFF414B35D0,?,?,?,?,00007FFF414B334D), ref: 00007FFF414B3673
                                                                                                                                                                                                                          • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFF414B379F,?,?,00000000,00007FFF414B35D0,?,?,?,?,00007FFF414B334D), ref: 00007FFF414B368C
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FFF414B379F,?,?,00000000,00007FFF414B35D0,?,?,?,?,00007FFF414B334D), ref: 00007FFF414B369E
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FFF414B379F,?,?,00000000,00007FFF414B35D0,?,?,?,?,00007FFF414B334D), ref: 00007FFF414B370C
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FFF414B379F,?,?,00000000,00007FFF414B35D0,?,?,?,?,00007FFF414B334D), ref: 00007FFF414B3718
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925517035.00007FFF414B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFF414B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925479901.00007FFF414B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925578965.00007FFF414B5000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925637149.00007FFF414B8000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925675416.00007FFF414B9000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff414b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                                                          • API String ID: 916704608-2084034818
                                                                                                                                                                                                                          • Opcode ID: 8d2fd0d93c7eb14211fa12b3fc953288da202effed1889c61ef573fe6e8128a2
                                                                                                                                                                                                                          • Instruction ID: 4fa4ff49ac3ded089d9f57cfc5829e5b5da043059816c632fd88f787823ebe71
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d2fd0d93c7eb14211fa12b3fc953288da202effed1889c61ef573fe6e8128a2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AD31AF21F1EA4291EF33AB16E980A7563E8BF4AB64F594534DD1D0B3A0EF3CE4468700
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509920
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509928
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509931
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C50994D
                                                                                                                                                                                                                          • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFF3C50113E), ref: 00007FFF3C4FFFB7
                                                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFF3C50113E), ref: 00007FFF3C4FFFD7
                                                                                                                                                                                                                          • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFF3C50113E), ref: 00007FFF3C4FFFFA
                                                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFF3C50113E), ref: 00007FFF3C50001A
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4EF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFF3C4E17E4,?,?,?,00007FFF3C4D454B,?,?,?,00007FFF3C4D5C41), ref: 00007FFF3C4D4F12
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4EF0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFF3C4E17E4,?,?,?,00007FFF3C4D454B,?,?,?,00007FFF3C4D5C41), ref: 00007FFF3C4D4F38
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4EF0: memcpy.VCRUNTIME140(?,?,?,00007FFF3C4E17E4,?,?,?,00007FFF3C4D454B,?,?,?,00007FFF3C4D5C41), ref: 00007FFF3C4D4F50
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFF3C4FFFE1
                                                                                                                                                                                                                          • :AM:am:PM:pm, xrefs: 00007FFF3C500042
                                                                                                                                                                                                                          • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFF3C500024
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemcpy
                                                                                                                                                                                                                          • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                                                          • API String ID: 1539549574-35662545
                                                                                                                                                                                                                          • Opcode ID: 7aeabda0e4e4f149d23de0a0a6287a6ab5e3eff2c83020dab8bdca83acb646d5
                                                                                                                                                                                                                          • Instruction ID: 00b0714f5f647c2070988d74c05af49d5b9b8aa1d9598071d434d3573eecba86
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7aeabda0e4e4f149d23de0a0a6287a6ab5e3eff2c83020dab8bdca83acb646d5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83315C36A04B868AEB00EF21E8442A977E1FB98F84F4A8135DE4D43756DF3CE181D740
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509920
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509928
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509931
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C50994D
                                                                                                                                                                                                                          • _W_Getdays.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFF3C4EE9FE), ref: 00007FFF3C4E6F52
                                                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFF3C4EE9FE), ref: 00007FFF3C4E6F72
                                                                                                                                                                                                                          • _W_Getmonths.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFF3C4EE9FE), ref: 00007FFF3C4E6F90
                                                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFF3C4EE9FE), ref: 00007FFF3C4E6FB0
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4F70: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFF3C4E6FAD,?,?,?,?,?,?,?,?,?,00007FFF3C4EE9FE), ref: 00007FFF3C4D4F99
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4F70: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFF3C4E6FAD,?,?,?,?,?,?,?,?,?,00007FFF3C4EE9FE), ref: 00007FFF3C4D4FC8
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4F70: memcpy.VCRUNTIME140(?,?,00000000,00007FFF3C4E6FAD,?,?,?,?,?,?,?,?,?,00007FFF3C4EE9FE), ref: 00007FFF3C4D4FDF
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFF3C4E6F7C
                                                                                                                                                                                                                          • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FFF3C4E6FBA
                                                                                                                                                                                                                          • :AM:am:PM:pm, xrefs: 00007FFF3C4E6FCA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemcpy
                                                                                                                                                                                                                          • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                                                          • API String ID: 1539549574-3743323925
                                                                                                                                                                                                                          • Opcode ID: 3e6d0835d4a47598dfb3552d3a194903f698fb29ad8629dcbbf3a07e1645c30e
                                                                                                                                                                                                                          • Instruction ID: 239a10c29c944ce2e3ed9efe3db29d3dd209a718d9e01abec4809f5fb2a58105
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e6d0835d4a47598dfb3552d3a194903f698fb29ad8629dcbbf3a07e1645c30e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB215A22A09B4686EA11EF21E8403A973F0FB84F94F495135EB4E43766EF3CE580D740
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: abort$AdjustPointer
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1501936508-0
                                                                                                                                                                                                                          • Opcode ID: f0706fa7c64a0a7492f233c4046144e15a2d0b25a5c3bc49f148db7cf339c299
                                                                                                                                                                                                                          • Instruction ID: 38fd857989223725548dda781551105df5f7308f56a5c7059c131be0cb55a6a0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f0706fa7c64a0a7492f233c4046144e15a2d0b25a5c3bc49f148db7cf339c299
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1516D22E0AACEC1EB659B95948863C63D4AF44F90B19853ADA4D06795FF3CF642E340
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: abort$AdjustPointer
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1501936508-0
                                                                                                                                                                                                                          • Opcode ID: 77d40a3a750292ef56bb7ba82bc0b9b507dfb24b3446034ca75943c21c5ab11f
                                                                                                                                                                                                                          • Instruction ID: 3e23abc652d9f6b89a8100a70f31dba6d50056b19b63ff82fecfd4c08202d1c6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 77d40a3a750292ef56bb7ba82bc0b9b507dfb24b3446034ca75943c21c5ab11f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72519D32E0AACE82FB659B94D44463C63E4AF54F94B094436CE4D06B94FF2CF642E340
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturnmemsetstrcspn$localeconv
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4135771353-0
                                                                                                                                                                                                                          • Opcode ID: cf421af5cabedf8228f8c10338f1097def40aa3310b7af1aaf7793cbfb7df88f
                                                                                                                                                                                                                          • Instruction ID: 5371540a2c2cf19b8c2282a299e7fc3a1f934e89162538c18dac9dfde50dbcd6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf421af5cabedf8228f8c10338f1097def40aa3310b7af1aaf7793cbfb7df88f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 70F1BF22F08A868AFB11EF65D4882BC67F1EF48B98F554131DE4D17796DE38E446E340
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Name::operator+
                                                                                                                                                                                                                          • String ID: {for
                                                                                                                                                                                                                          • API String ID: 2943138195-864106941
                                                                                                                                                                                                                          • Opcode ID: 843ce90981090cc763d5b819b1a82c1911c4347c90cb61675e3ef59b1b7081ca
                                                                                                                                                                                                                          • Instruction ID: 0bb27f26718aa60952553c9a904f83983bf19f57e4698d98256c73b2c6c19f68
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 843ce90981090cc763d5b819b1a82c1911c4347c90cb61675e3ef59b1b7081ca
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D7512972A18A89ADE7019FA4D5413EC37E1EB48748F848032EA4D0BB99EF7CE655D340
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,00000000,?,00007FFF3C4E14FF,?,?,?,?,00000000,00007FFF3C4DB771), ref: 00007FFF3C4DDFD0
                                                                                                                                                                                                                          • memset.VCRUNTIME140(?,00000000,?,00007FFF3C4E14FF,?,?,?,?,00000000,00007FFF3C4DB771), ref: 00007FFF3C4DDFE0
                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,00000000,?,00007FFF3C4E14FF,?,?,?,?,00000000,00007FFF3C4DB771), ref: 00007FFF3C4DDFF5
                                                                                                                                                                                                                          • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,00007FFF3C4E14FF,?,?,?,?,00000000,00007FFF3C4DB771), ref: 00007FFF3C4DE029
                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,00000000,?,00007FFF3C4E14FF,?,?,?,?,00000000,00007FFF3C4DB771), ref: 00007FFF3C4DE033
                                                                                                                                                                                                                          • memset.VCRUNTIME140(?,00000000,?,00007FFF3C4E14FF,?,?,?,?,00000000,00007FFF3C4DB771), ref: 00007FFF3C4DE043
                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,00000000,?,00007FFF3C4E14FF,?,?,?,?,00000000,00007FFF3C4DB771), ref: 00007FFF3C4DE053
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C5219FC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFF3C4D5C08), ref: 00007FFF3C521A16
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memcpy$memset$_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2538139528-0
                                                                                                                                                                                                                          • Opcode ID: 80e48887ca86f42cc658512a3ff8db71c282a905c9dcd018905c5bbb3517e318
                                                                                                                                                                                                                          • Instruction ID: b1720d84912a53728e130c762b9ccd6ff1a3bcfcfd21032860a0cb52e5f269ca
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80e48887ca86f42cc658512a3ff8db71c282a905c9dcd018905c5bbb3517e318
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3341E475B0868581EA00EF16E9482AE63E1FB04FD8F544536DF5D0BB9ADE7CE0529350
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionThrowsetvbufstd::ios_base::failure::failure
                                                                                                                                                                                                                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                          • API String ID: 2924853686-1866435925
                                                                                                                                                                                                                          • Opcode ID: 47805a345854c529338c07a9419415b658b8feda0283bc78d48a2660156df3fe
                                                                                                                                                                                                                          • Instruction ID: f53877ae86af8bd34d3ec2a77da7a27e94ce0038a72b2f2f69a481cc6a8a7966
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 47805a345854c529338c07a9419415b658b8feda0283bc78d48a2660156df3fe
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0141A972A18B8696EB54CFB4E4803A833E0FB14B98F465531DA4C4779ADF3CE5A4D740
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFF3C4F2032
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509920
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509928
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509931
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C50994D
                                                                                                                                                                                                                          • _Maklocstr.LIBCPMT ref: 00007FFF3C4F20AB
                                                                                                                                                                                                                          • _Maklocstr.LIBCPMT ref: 00007FFF3C4F20C1
                                                                                                                                                                                                                          • _Getvals.LIBCPMT ref: 00007FFF3C4F2166
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Maklocstr$Getvals___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funclocaleconv
                                                                                                                                                                                                                          • String ID: false$true
                                                                                                                                                                                                                          • API String ID: 2626534690-2658103896
                                                                                                                                                                                                                          • Opcode ID: bee9dad042fd688f61686e8a29264512e6ac662606b53b82c80f7019d71309fe
                                                                                                                                                                                                                          • Instruction ID: 6da998925b6c2c34c7b102d3fb9d0327a80539bb13a4357a2302fab8b44e3496
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bee9dad042fd688f61686e8a29264512e6ac662606b53b82c80f7019d71309fe
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E6415922B08A9199E710DF74E4401ED33F1FB9878CB415226EE4D27A59EF38D696D344
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: NameName::atol
                                                                                                                                                                                                                          • String ID: `template-parameter$void
                                                                                                                                                                                                                          • API String ID: 2130343216-4057429177
                                                                                                                                                                                                                          • Opcode ID: 37dc88686286ae883caf861cfcc370a32d0b887e3358d6a576a3fa5485c4a12c
                                                                                                                                                                                                                          • Instruction ID: 489173f079b13e5b0b7da610c2ade974af3ea68ee472455596965a04b97e1435
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 37dc88686286ae883caf861cfcc370a32d0b887e3358d6a576a3fa5485c4a12c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E412622F18B9A88FB108BE4D8512EC23F1BB48B88F951135DE4D26B59EF7CE545D380
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Name::operator+Replicator::operator[]
                                                                                                                                                                                                                          • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                                                                                                                                                          • API String ID: 1405650943-2211150622
                                                                                                                                                                                                                          • Opcode ID: bbc19fe8acb2af624d1aa6c3fda2c2c3f4ee9ad2dfe93a969b1fef282e9c5a3b
                                                                                                                                                                                                                          • Instruction ID: 9d8959894403b6b5cbf79799598220a4ec61912d1b9166c985107b677950fd3d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bbc19fe8acb2af624d1aa6c3fda2c2c3f4ee9ad2dfe93a969b1fef282e9c5a3b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A24149B2E08B8A9DF7058BA4D8902BC77E1BB08348F944531DA4C167A5FF7DBA44E740
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Name::operator+
                                                                                                                                                                                                                          • String ID: char $int $long $short $unsigned
                                                                                                                                                                                                                          • API String ID: 2943138195-3894466517
                                                                                                                                                                                                                          • Opcode ID: d543906abe76930c5ae4e84494e2eda85b894ff74c2d28b68c5523291a1a48d2
                                                                                                                                                                                                                          • Instruction ID: 05ad6d14a1efee8d62048547b7d2d417604b44772c9b4a0b295088e27ff0ef1a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d543906abe76930c5ae4e84494e2eda85b894ff74c2d28b68c5523291a1a48d2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C314772E18A9A8DEB158FB8E8541BC27F0BB09B48F448135DA4C56B6CEE3CF544E740
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Dunscale$_errno
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2900277114-0
                                                                                                                                                                                                                          • Opcode ID: e6cd1ca0f90a544f70e1183bb1102f176de5b7124949166c862e8460281ebf53
                                                                                                                                                                                                                          • Instruction ID: 6dfae69a12006ca6f5aa7cb09e7f67f7aa25ec19cc9961c258a140c95301f6ad
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e6cd1ca0f90a544f70e1183bb1102f176de5b7124949166c862e8460281ebf53
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 82A10622D18E5B9AEB91CE34C5901BD23E2FF55BD8F524331EA4E56585EF38E492E300
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Dunscale$_errno
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2900277114-0
                                                                                                                                                                                                                          • Opcode ID: 018b2febf4e662f9f7087985f0e7d920f69676e93f0554d90feac40c922dbb90
                                                                                                                                                                                                                          • Instruction ID: d33d47ba10ecd2308bef75c4de95bc2dd6774f0545bb89b5bb65384ab2dc0495
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 018b2febf4e662f9f7087985f0e7d920f69676e93f0554d90feac40c922dbb90
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DEA1E132D0868A9AEB10DE26C5C00BD67D2FF1578EF568631FB0E125D5EF38B496A700
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: fgetc
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2807381905-0
                                                                                                                                                                                                                          • Opcode ID: d065d661809670cc5a96facd9b485a20526c76d1415a7cc54be9045511bddec9
                                                                                                                                                                                                                          • Instruction ID: 27473c8846b85d00abc752f019d12f50c26d0137dc9106c5c2baa35fa5bebac4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d065d661809670cc5a96facd9b485a20526c76d1415a7cc54be9045511bddec9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 65817A33609A8189EB50DF25D4D43AC33E0FBA8B58F454632EB5E87A99DF38D554E310
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Xp_setn$Xp_addx$isspaceisxdigit
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2908567333-0
                                                                                                                                                                                                                          • Opcode ID: 1ec0a3fc9b641c2052d7ad87ab138f68e2e7bf018f14069de87e0c4f64062613
                                                                                                                                                                                                                          • Instruction ID: 4e98cf46f9219e8ffde1e41de5c9b1696475881751a379479d64d56800060f24
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1ec0a3fc9b641c2052d7ad87ab138f68e2e7bf018f14069de87e0c4f64062613
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E610822B1C95292E791DE61E4815FE67E0FB94B84F510132EE4E93685EE3CD50AD700
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Xp_setn$Xp_addx$isspaceisxdigit
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2908567333-0
                                                                                                                                                                                                                          • Opcode ID: 3cab3408bf8d741f737a811a67183fd7d774d414e4d2081581f5908d39fd8b3c
                                                                                                                                                                                                                          • Instruction ID: 9d808d5ea6df5f21e0bb960c50c073563896f825ac712443703d38f88c5b6c33
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3cab3408bf8d741f737a811a67183fd7d774d414e4d2081581f5908d39fd8b3c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0461C523B1CA5282EB91DF61E8815EE67E0FF94B44F510536EE4E93A86DE3CD4499700
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Xp_setn$Xp_addx$iswspaceiswxdigit
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3490103321-0
                                                                                                                                                                                                                          • Opcode ID: 99485b05d70c4dce383f70887bb1d89afed8e49422c62919471775cf5c16d78a
                                                                                                                                                                                                                          • Instruction ID: 3c4785c9808e0aaa71d1f4b9f5dcac5845dbb42f5a88d6640902bfe043f69729
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 99485b05d70c4dce383f70887bb1d89afed8e49422c62919471775cf5c16d78a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9661F622B1C65282EB91DF61E4805FE67E0FF85B44F514132EE4E93A86DF3CD44A9B00
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Xp_setn$Xp_addx$iswspaceiswxdigit
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3490103321-0
                                                                                                                                                                                                                          • Opcode ID: dad5603ec8706e78effbcd76a25f40d86f1d503a8bd75634513e97ff5dfdc010
                                                                                                                                                                                                                          • Instruction ID: 7d4bdd1a5536ad11b8225205d0de73c1aacd2231398b3ca95d573dba845daae8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dad5603ec8706e78effbcd76a25f40d86f1d503a8bd75634513e97ff5dfdc010
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2461D622F1C65282E791DE61E4801FE67E0FB95B44F514132EE4E93689DF3CD54AEB00
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
• Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Name::operator+$NameName::
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 168861036-0
                                                                                                                                                                                                                          • Opcode ID: 2525277bc558616bb67a30a3331fd7d08be3bd4bec0defa2e2d618cc86f76eb6
                                                                                                                                                                                                                          • Instruction ID: 84b3a34fb21b1d51bfcfd92a7aeadc40080fdf6e4a2e5086514739d147b3b0ef
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2525277bc558616bb67a30a3331fd7d08be3bd4bec0defa2e2d618cc86f76eb6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28714772A18B9A89E716CBA4D8803BC37E1BB54744F948036DA4D1B79AEF7DF441E340
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileHandle$CloseCreateInformation
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1240749428-0
                                                                                                                                                                                                                          • Opcode ID: 331048bd46d995d148c9521f1c3bdc77440cb157a060c80cfc022df07c413caa
                                                                                                                                                                                                                          • Instruction ID: eb7060ef7931d34a67bae44150016d54f70fa376ce195c73c30db9dd076b0564
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 331048bd46d995d148c9521f1c3bdc77440cb157a060c80cfc022df07c413caa
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6741DD32F086418AF760DF75E8847BE23F0AB58BACF414735EE1C42A95DF38A5989700
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AcquireExclusiveLock$CurrentThreadsys_get_time
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 184115430-0
                                                                                                                                                                                                                          • Opcode ID: c3cdb7ed25ae08968af8efc336aaae85e49c97064b0acd8c2e1e1d8a1a4d6231
                                                                                                                                                                                                                          • Instruction ID: 4e99e12e8e6db810d5dc445d5b56de32f93a6144e79787f4328bf7f047a40481
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c3cdb7ed25ae08968af8efc336aaae85e49c97064b0acd8c2e1e1d8a1a4d6231
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4412C36E18A0286EB749F32D88027973E0FB14B48F524435D64E42794DF3CF895EB01
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3741236498-0
                                                                                                                                                                                                                          • Opcode ID: 080442bbed9b7baa97cf181390621352c52238d50ff0bc3b3759bb2dfd2316c3
                                                                                                                                                                                                                          • Instruction ID: abab5fe7312126930f3291bf31edf876310e65dd313bf2a0adcab558d6b3fa6b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 080442bbed9b7baa97cf181390621352c52238d50ff0bc3b3759bb2dfd2316c3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B6319222A1AB9950EB25DB56990456D23E0FF09BE0B598536DE2D03380FE3DE441D340
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,00000000,00007FFF3C4D60A6), ref: 00007FFF3C4D2F99
                                                                                                                                                                                                                          • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFF3C4D60A6), ref: 00007FFF3C4D2FAB
                                                                                                                                                                                                                          • __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,00000000,00007FFF3C4D60A6), ref: 00007FFF3C4D2FBA
                                                                                                                                                                                                                          • __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,00000000,00007FFF3C4D60A6), ref: 00007FFF3C4D3020
                                                                                                                                                                                                                          • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,00000000,00007FFF3C4D60A6), ref: 00007FFF3C4D302E
                                                                                                                                                                                                                          • _wcsdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00007FFF3C4D60A6), ref: 00007FFF3C4D3041
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: __pctype_func$___lc_codepage_func___lc_locale_name_func_wcsdupcalloc
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 490008815-0
                                                                                                                                                                                                                          • Opcode ID: 107e66dceef68c19cba3e477cb3166ac5d7236672a125cea21169af1fc22d59b
                                                                                                                                                                                                                          • Instruction ID: 88b324cc83540de5cae45f9c50f70c41cf71e094311b71645a12766fc38666e6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 107e66dceef68c19cba3e477cb3166ac5d7236672a125cea21169af1fc22d59b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 40212726D08B8582E7419F38C94527823E0FBA9F48F55A224CE8806226EF79E2E5D340
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: abort$CallEncodePointerTranslator
                                                                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                                                                          • API String ID: 2889003569-2084237596
                                                                                                                                                                                                                          • Opcode ID: 38147febd4ea3e6e4a78b6d94c663964a46ac19bb27c7a49567d3dd21f0893b1
                                                                                                                                                                                                                          • Instruction ID: 26c04c0d9e4bfb74edc7644d7ab0905bc30c7b147c50128a29c47e86561c63a8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 38147febd4ea3e6e4a78b6d94c663964a46ac19bb27c7a49567d3dd21f0893b1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A691A173A087D98AE721CBB5E8402AD7BE0F754788F14412AEE8D17B59EF38E195D700
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925517035.00007FFF414B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFF414B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925479901.00007FFF414B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925578965.00007FFF414B5000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925637149.00007FFF414B8000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925675416.00007FFF414B9000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff414b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: abort$CallEncodePointerTranslator
                                                                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                                                                          • API String ID: 2889003569-2084237596
                                                                                                                                                                                                                          • Opcode ID: 51865056d64403dec5eec8f15289c0db639756aedb22486eebb00ed42bb3dd8f
                                                                                                                                                                                                                          • Instruction ID: a3b449e979889971f0dcd40243f14a22695c256e3d6577925b1436358f0be0dc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 51865056d64403dec5eec8f15289c0db639756aedb22486eebb00ed42bb3dd8f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1491B573E08B818AE721EB65E8806AD77F0FB46788F144135EA8D17769DF38E195C700
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Name::operator+
                                                                                                                                                                                                                          • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                                                                                                                                                                          • API String ID: 2943138195-757766384
                                                                                                                                                                                                                          • Opcode ID: 792524ca3cb326ee1ddc7ad9f90e01459882d709a2987deaa3b684760cdbdca5
                                                                                                                                                                                                                          • Instruction ID: 11c398acfb456a14e77bc0df478b188c8a1ac1aacb96789fd31d90bf19653e11
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 792524ca3cb326ee1ddc7ad9f90e01459882d709a2987deaa3b684760cdbdca5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EF716A72A08B8A88FB148FA5D8500BD67E4BB15784F845535EA4D17B98FF3EF260E340
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __except_validate_context_record.LIBVCRUNTIME ref: 00007FFF414B20F2
                                                                                                                                                                                                                            • Part of subcall function 00007FFF414B3524: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00007FFF414B1222), ref: 00007FFF414B3564
                                                                                                                                                                                                                          • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFF414B2247
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925517035.00007FFF414B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFF414B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925479901.00007FFF414B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925578965.00007FFF414B5000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925637149.00007FFF414B8000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925675416.00007FFF414B9000.00000002.00000001.01000000.00000018.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7fff414b0000_Updater.jbxd
Similarity
• API ID: abort$__except_validate_context_record
• String ID: $csm$csm
• API String ID: 3000080923-1512788406
• Opcode ID: d2e425a725b33c5f85093d2df621a517a4746e4d910d6925cc61b8c9293696ab
• Instruction ID: 4cb1c85c8a674b0b442d046520a23d17cdef8bcc6d3ff2d3c7ca5857c1d75422
• Opcode Fuzzy Hash: d2e425a725b33c5f85093d2df621a517a4746e4d910d6925cc61b8c9293696ab
• Instruction Fuzzy Hash: 0C71BF72D0D68186DB76AF25D490E7A7BE1FB06B85F049131DB9C47AA9CF2CE491CB00
APIs
Strings
Memory Dump Source
• Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
• Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
Similarity
• API ID: abort$CallEncodePointerTranslator
• String ID: MOC$RCC
• API String ID: 2889003569-2084237596
• Opcode ID: 82646d7cab88117c06501068e7e04168047599fc5f0013deb61a5a573c37227d
• Instruction ID: 69144e43b2ad789752b2d35d81163674179032005e8db81ba7d041392cd37039
• Opcode Fuzzy Hash: 82646d7cab88117c06501068e7e04168047599fc5f0013deb61a5a573c37227d
• Instruction Fuzzy Hash: 64617F32D08BC981E7618B55E4803AEB7A0FB85B94F044229EB9D07B55EF7CE195CB00
APIs
Strings
Memory Dump Source
• Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
• Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
Similarity
• API ID: FileHeader
• String ID: MOC$RCC$csm$csm
• API String ID: 104395404-1441736206
• Opcode ID: 4b6f8f644bd4ef04a393d3bb1b96f78be418c55213885cdd627a59364db23340
• Instruction ID: beaa3785676e3c864f9bd386ed54ae4559d8400254c217fcf6ca8e79732f74b7
• Opcode Fuzzy Hash: 4b6f8f644bd4ef04a393d3bb1b96f78be418c55213885cdd627a59364db23340
• Instruction Fuzzy Hash: 7F517A32E096CA87EB649FA5918017E26E0FF44B90F14413AEA4D57B81FF3CF861A741
APIs
  • Part of subcall function 00007FFF3C509900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509920
  • Part of subcall function 00007FFF3C509900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509928
  • Part of subcall function 00007FFF3C509900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509931
  • Part of subcall function 00007FFF3C509900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C50994D
• localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFF3C4EE2B8), ref: 00007FFF3C4F1EFE
  • Part of subcall function 00007FFF3C4DBCDC: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFF3C4FFFF6,?,?,?,?,?,?,?,?,00000000,00007FFF3C50113E), ref: 00007FFF3C4DBD07
  • Part of subcall function 00007FFF3C4DBCDC: memcpy.VCRUNTIME140(?,?,00000000,00007FFF3C4FFFF6,?,?,?,?,?,?,?,?,00000000,00007FFF3C50113E), ref: 00007FFF3C4DBD23
• _Getvals.LIBCPMT ref: 00007FFF3C4F1F3B
Strings
Memory Dump Source
• Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
Similarity
• API ID: Getvals___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvmemcpy
• String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
• API String ID: 3848194746-3573081731
• Opcode ID: 43d7cb6c86fcbb5da0292524127ac9c93a52f3c08d6ba4ee43fe738f6773ccc9
• Instruction ID: 5ac27c8b80dc558cdb0f5b55c4c929df3633898b32602f3c3aa257ef00168ac9
• Opcode Fuzzy Hash: 43d7cb6c86fcbb5da0292524127ac9c93a52f3c08d6ba4ee43fe738f6773ccc9
• Instruction Fuzzy Hash: C241B872E08B868BE724CB21C58037D7BE0FB54B89F064226DB8943A41DF79F4A1DB00
APIs
• localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFF3C4F21BE
  • Part of subcall function 00007FFF3C509900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509920
  • Part of subcall function 00007FFF3C509900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509928
  • Part of subcall function 00007FFF3C509900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509931
  • Part of subcall function 00007FFF3C509900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C50994D
• _Maklocstr.LIBCPMT ref: 00007FFF3C4F2237
• _Maklocstr.LIBCPMT ref: 00007FFF3C4F224D
Strings
Memory Dump Source
• Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
Similarity
• API ID: Maklocstr$___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funclocaleconv
• String ID: false$true
• API String ID: 309754672-2658103896
• Opcode ID: 55b7f5c3dcbba11b6f0af3a8532ccc0b42c9bf1c4424f5502c43fbdbe24671fa
• Instruction ID: eeb757352f6d82fe26935310cb2d0c4e258a01de552738d823e62eac465bc728
• Opcode Fuzzy Hash: 55b7f5c3dcbba11b6f0af3a8532ccc0b42c9bf1c4424f5502c43fbdbe24671fa
• Instruction Fuzzy Hash: FD415822B18B5599E710DFB0E4801ED33F0FB88B88B415126EE4E27B59EF38D5A5D394
APIs
Strings
Memory Dump Source
• Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
Similarity
• API ID: ExceptionThrowstd::ios_base::failure::failure
• String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
• API String ID: 2003779279-1866435925
• Opcode ID: 30f8a19ad05608d569e801936d8c4b8b521464ba700c6576b76e7c3c36028168
• Instruction ID: 9657f4f6568a95653dd0d13a05dc3e68f19378ef2f680108f0ce738dd8ccb645
• Opcode Fuzzy Hash: 30f8a19ad05608d569e801936d8c4b8b521464ba700c6576b76e7c3c36028168
• Instruction Fuzzy Hash: C0210062A1864692EA50EB24E9953B923F0FF50BDCF854031E74D476A7CF3CE0A1D390
APIs
Strings
Memory Dump Source
• Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
Similarity
• API ID: ExceptionThrowstd::ios_base::failure::failure
• String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
• API String ID: 2003779279-1866435925
APIs
Memory Dump Source
• Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
Similarity
• API ID: _invalid_parameter_noinfo_noreturnstrcspn$localeconvmemmove
• String ID:
• API String ID: 1326169664-0
APIs
Memory Dump Source
• Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
Similarity
• API ID: _invalid_parameter_noinfo_noreturnstrcspn$localeconvmemmove
• String ID:
• API String ID: 1326169664-0
APIs
Memory Dump Source
• Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
Similarity
• API ID: fgetwc
• String ID:
• API String ID: 2948136663-0
APIs
Memory Dump Source
• Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
Similarity
• API ID: memcpymemset$_invalid_parameter_noinfo_noreturnmalloc
• String ID:
• API String ID: 3375828981-0
APIs
Memory Dump Source
• Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
• Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
Similarity
• API ID: NameName::$Name::operator+
• String ID:
• API String ID: 826178784-0
APIs
Memory Dump Source
• Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
Similarity
• API ID: ConditionSleepVariablesys_get_time$abort
• String ID:
• API String ID: 312482523-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4E1820: setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,00007FFF3C4D4DCE,?,?,00000000,00007FFF3C4D5C6B), ref: 00007FFF3C4E182F
                                                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFF3C4D5C6B), ref: 00007FFF3C4D4DD7
                                                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFF3C4D5C6B), ref: 00007FFF3C4D4DEB
                                                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFF3C4D5C6B), ref: 00007FFF3C4D4DFF
                                                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFF3C4D5C6B), ref: 00007FFF3C4D4E13
                                                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFF3C4D5C6B), ref: 00007FFF3C4D4E27
                                                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFF3C4D5C6B), ref: 00007FFF3C4D4E3B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free$setlocale
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 294139027-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorFileHandleLast$CloseCreateInformation
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1345328482-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: __acrt_iob_func$abortfputcfputs
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2697642930-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3D726E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFF3D7229EE), ref: 00007FFF3D726E56
                                                                                                                                                                                                                          • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFF3D72488B
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: abort
                                                                                                                                                                                                                          • String ID: $csm$csm
                                                                                                                                                                                                                          • API String ID: 4206212132-1512788406
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3D726E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFF3D7229EE), ref: 00007FFF3D726E56
                                                                                                                                                                                                                          • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFF3D7245DB
                                                                                                                                                                                                                          • __FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FFF3D7245EB
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Frameabort$EmptyHandler3::StateUnwind
                                                                                                                                                                                                                          • String ID: csm$csm
                                                                                                                                                                                                                          • API String ID: 4108983575-3733052814
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFF3C507992), ref: 00007FFF3C50857C
                                                                                                                                                                                                                          • isxdigit.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFF3C507992), ref: 00007FFF3C5085D8
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: isspaceisxdigit
                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                          • API String ID: 2593999819-3887548279
                                                                                                                                                                                                                          • Opcode ID: fc7c23a7c039567d67a04b920b16e867f2505d07ebadceb99d7f16e0dd909cea
                                                                                                                                                                                                                          • Instruction ID: 94b57e4058091090be76e1f1b2e7956e5b9443a5df719b191983954bf942500c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fc7c23a7c039567d67a04b920b16e867f2505d07ebadceb99d7f16e0dd909cea
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB41B91390C69645FBA48F305454AB96BD5AF25F84F0F5470CBE98B286CE2EF806A710
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • iswspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFF3C509A82), ref: 00007FFF3C50A475
                                                                                                                                                                                                                          • iswxdigit.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFF3C509A82), ref: 00007FFF3C50A4E0
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: iswspaceiswxdigit
                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                          • API String ID: 1229460652-3887548279
                                                                                                                                                                                                                          • Opcode ID: deebbfd38f7587fa7528bdad45480f99d0ec9165af0fa8f62bcc5bd453822d63
                                                                                                                                                                                                                          • Instruction ID: 2d3758f26c741badc1aac7e1bb65db62ef3cd242cb8e45a7fd21543da7a9e8fd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: deebbfd38f7587fa7528bdad45480f99d0ec9165af0fa8f62bcc5bd453822d63
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4841A566A045B385FFA49F6194151B972E1FF10F84F4A8032DE8D87199EF3CE885F210
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925517035.00007FFF414B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFF414B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925479901.00007FFF414B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925578965.00007FFF414B5000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925637149.00007FFF414B8000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925675416.00007FFF414B9000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff414b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: abort$CreateFrameInfo__except_validate_context_record
                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                          • API String ID: 444109036-1018135373
                                                                                                                                                                                                                          • Opcode ID: 1e96529f35874369624db110d262335690731295dc4eb4a79234829db8fb8cf6
                                                                                                                                                                                                                          • Instruction ID: cff916381e09c7d9c44b63861c1f3ccefc21802209bde0c04fad932d5b628e30
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e96529f35874369624db110d262335690731295dc4eb4a79234829db8fb8cf6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E513E76A1D68186DB31EB26E581A6E77E4F78AB90F141134EB8D07B65CF3CE451CB00
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Exception$RaiseThrowabort
                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                          • API String ID: 3758033050-1018135373
                                                                                                                                                                                                                          • Opcode ID: 261c4afda17c09415e2c6af5b9966bee539a50c597a23ed9b9d364709685dc8f
                                                                                                                                                                                                                          • Instruction ID: c15aa9d862339204afab0f618b89122f714a36fc106e468dc84fb1f35c6fdf5f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 261c4afda17c09415e2c6af5b9966bee539a50c597a23ed9b9d364709685dc8f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 97515F22904B8986EB65DF28C4902E873E0FB58B5CF159325EB5D07796DF39E5D5C300
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFF3C4DF0C4
                                                                                                                                                                                                                          • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFF3C4DF0D6
                                                                                                                                                                                                                          • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFF3C4DF15B
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4EF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFF3C4E17E4,?,?,?,00007FFF3C4D454B,?,?,?,00007FFF3C4D5C41), ref: 00007FFF3C4D4F12
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4EF0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFF3C4E17E4,?,?,?,00007FFF3C4D454B,?,?,?,00007FFF3C4D5C41), ref: 00007FFF3C4D4F38
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4EF0: memcpy.VCRUNTIME140(?,?,?,00007FFF3C4E17E4,?,?,?,00007FFF3C4D454B,?,?,?,00007FFF3C4D5C41), ref: 00007FFF3C4D4F50
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: setlocale$freemallocmemcpy
                                                                                                                                                                                                                          • String ID: bad locale name
                                                                                                                                                                                                                          • API String ID: 1663771476-1405518554
                                                                                                                                                                                                                          • Opcode ID: 08a6f5c57b1be5a9add0e273861760b4f39e67018b9fa34bd3ca70ab27e09527
                                                                                                                                                                                                                          • Instruction ID: aaa4af8d772eb786cb4bd83568ed4da03413ade0e0f3589b9beaf28f70abd558
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08a6f5c57b1be5a9add0e273861760b4f39e67018b9fa34bd3ca70ab27e09527
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A3319432F0878241FB65AB16EC9817AA6F1EF94BC4F598035DE4D47796DE3CE8819310
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509920
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509928
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509931
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C50994D
                                                                                                                                                                                                                          • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFF3C4EE108), ref: 00007FFF3C4F1DB6
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4DBCDC: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFF3C4FFFF6,?,?,?,?,?,?,?,?,00000000,00007FFF3C50113E), ref: 00007FFF3C4DBD07
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4DBCDC: memcpy.VCRUNTIME140(?,?,00000000,00007FFF3C4FFFF6,?,?,?,?,?,?,?,?,00000000,00007FFF3C50113E), ref: 00007FFF3C4DBD23
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4E6C8C: _Maklocstr.LIBCPMT ref: 00007FFF3C4E6CBC
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4E6C8C: _Maklocstr.LIBCPMT ref: 00007FFF3C4E6CDB
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4E6C8C: _Maklocstr.LIBCPMT ref: 00007FFF3C4E6CFA
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Maklocstr$___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvmemcpy
                                                                                                                                                                                                                          • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                                                                                                                                          • API String ID: 2904694926-3573081731
                                                                                                                                                                                                                          • Opcode ID: 2cd607073df7080e69ea9131073b45ad881556beb21ddbc1d653f5db8213cc63
                                                                                                                                                                                                                          • Instruction ID: e02cd9832ac467e7698e48e450920dc7ab734db61000cf6a8f84929e36a556e3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2cd607073df7080e69ea9131073b45ad881556beb21ddbc1d653f5db8213cc63
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2141BA72A08B868BE724CF21D19037D7BE0FB44B85F064225C74A83A41DF39F4A5DB00
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509920
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509928
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509931
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C50994D
                                                                                                                                                                                                                          • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFF3C500F78), ref: 00007FFF3C502AF6
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4DBCDC: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFF3C4FFFF6,?,?,?,?,?,?,?,?,00000000,00007FFF3C50113E), ref: 00007FFF3C4DBD07
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4DBCDC: memcpy.VCRUNTIME140(?,?,00000000,00007FFF3C4FFFF6,?,?,?,?,?,?,?,?,00000000,00007FFF3C50113E), ref: 00007FFF3C4DBD23
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvmemcpy
                                                                                                                                                                                                                          • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                                                                                                                                          • API String ID: 3376215315-3573081731
                                                                                                                                                                                                                          • Opcode ID: eb719774cfb62a90454d1891f9ce1a371d1c892a1e2510fd0456a6b8d0b369e9
                                                                                                                                                                                                                          • Instruction ID: 16b409d7e10670578fefc0b35609d0c6881190b2b24f1a0ef36ffc7b837526bd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eb719774cfb62a90454d1891f9ce1a371d1c892a1e2510fd0456a6b8d0b369e9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5741AE72A08BA68BE7A4CF25D99036D7BE0FB55B81F064235CB4983A41DF78F4A5D700
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: NameName::
                                                                                                                                                                                                                          • String ID: %lf
                                                                                                                                                                                                                          • API String ID: 1333004437-2891890143
                                                                                                                                                                                                                          • Opcode ID: 659bed4bb908e209d6e638fb5e771b3dbb5b7a5e94ab5cc6538d6df8f816cc28
                                                                                                                                                                                                                          • Instruction ID: 3e3457184d9bdb4a1fcb1a0d4a13f77add4dcdbc427014377412678e396e6e07
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 659bed4bb908e209d6e638fb5e771b3dbb5b7a5e94ab5cc6538d6df8f816cc28
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E331C361A08BCE85E715CBA2A8550FEA3E0FF59B80F548236EA9E57755EE3CF101D340
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileFindNext$wcscpy_s
                                                                                                                                                                                                                          • String ID: .
                                                                                                                                                                                                                          • API String ID: 544952861-248832578
                                                                                                                                                                                                                          • Opcode ID: 8a3af598216dff21e458494619afe40eb37faadcb3b93049594c641d4f78051c
                                                                                                                                                                                                                          • Instruction ID: 854384332f417cd6d929f34dcf3e3782b99573e168779bab7a50b1c630f163b1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a3af598216dff21e458494619afe40eb37faadcb3b93049594c641d4f78051c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5121A862A1C64286FB70AF25E8583B573E0EF48BA4F854131DA8D43685DF3CE459EB50
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionThrow$std::ios_base::failure::failure
                                                                                                                                                                                                                          • String ID: ios_base::badbit set
                                                                                                                                                                                                                          • API String ID: 1099746521-3882152299
                                                                                                                                                                                                                          • Opcode ID: 018ee0c90b73427b9024bd816620f1867f50948ceef7cf10cb4f2d2fa00001b7
                                                                                                                                                                                                                          • Instruction ID: b7c5b68314f986a477c9962715cfa7b6610140392951fb4173c20cd7f1e8cd31
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 018ee0c90b73427b9024bd816620f1867f50948ceef7cf10cb4f2d2fa00001b7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F8012B61A2850651F658FA15E8CA6F913D2AF80748F658831D50D029A7DE3DF506E290
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3D726E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFF3D7229EE), ref: 00007FFF3D726E56
                                                                                                                                                                                                                          • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFF3D722A8E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: abortterminate
                                                                                                                                                                                                                          • String ID: MOC$RCC$csm
                                                                                                                                                                                                                          • API String ID: 661698970-2671469338
                                                                                                                                                                                                                          • Opcode ID: 3ab94ae7472f91afbfb2fa40e8eaefdcfa6935c471aaf11af4776549d32657f7
                                                                                                                                                                                                                          • Instruction ID: 4d3b4f1faa1c4503c39c807e5beab797b3ba4ee17f5ac51bf6cc04708f51ee11
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ab94ae7472f91afbfb2fa40e8eaefdcfa6935c471aaf11af4776549d32657f7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7F0873290868E96E7606BA1E18106D32F0FF88B50F189036CB1806252EF3CF5A0DB40
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FFF414B3524: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00007FFF414B1222), ref: 00007FFF414B3564
                                                                                                                                                                                                                          • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFF414B12A6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925517035.00007FFF414B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFF414B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925479901.00007FFF414B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925578965.00007FFF414B5000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925637149.00007FFF414B8000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925675416.00007FFF414B9000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff414b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: abortterminate
                                                                                                                                                                                                                          • String ID: MOC$RCC$csm
                                                                                                                                                                                                                          • API String ID: 661698970-2671469338
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1913723028.000001491F701000.00000020.00000001.01000000.00000015.sdmp, Offset: 000001491F700000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1913682810.000001491F700000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1913865226.000001491F70A000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1914071467.000001491F719000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1914157056.000001491F71A000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_1491f700000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: __current_exception__current_exception_contextterminate
                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                          • API String ID: 2542180945-1018135373
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Name::operator+
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2943138195-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _dclass_invalid_parameter_noinfo_noreturnfrexpmemsetswprintf_s
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2079887105-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _dclass_invalid_parameter_noinfo_noreturnfrexpmemsetswprintf_s
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2079887105-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _dclass_invalid_parameter_noinfo_noreturnfrexpmemsetswprintf_s
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2079887105-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _dclass_invalid_parameter_noinfo_noreturnfrexpmemsetswprintf_s
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2079887105-0
                                                                                                                                                                                                                          • Opcode ID: 547e2dfa5947428b3ae18f90bf3648036323453917eb86f1641c7f5b25a5a8fe
                                                                                                                                                                                                                          • Instruction ID: b5c2a69c308207dac46290c412abaafa87274735a180d97a16c54393a47192d8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 547e2dfa5947428b3ae18f90bf3648036323453917eb86f1641c7f5b25a5a8fe
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5513423F18A858AF7108B75D8806FD63F1AF59B9CF015231EE5C27A98EE28E445E340
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _dclass_invalid_parameter_noinfo_noreturnfrexpmemsetswprintf_s
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2079887105-0
                                                                                                                                                                                                                          • Opcode ID: 4f99b437fa0fc26efb7f597306d054b0727493c09407e56594237e33df4974a8
                                                                                                                                                                                                                          • Instruction ID: 7fe71f7cb7ce1b7511014c3201215ce655b78f6ef226d443ff3edaa95053c812
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f99b437fa0fc26efb7f597306d054b0727493c09407e56594237e33df4974a8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E651F122F18A858EFB109BB4D8902FD63F1AB5879CF024235DE5D27B95EF28E445E340
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _dclass_invalid_parameter_noinfo_noreturnfrexpmemsetswprintf_s
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2079887105-0
                                                                                                                                                                                                                          • Opcode ID: 52c0d71795aa0355fcff9baaf47f5d7e2f62005f051148905658a4c8151e0ad5
                                                                                                                                                                                                                          • Instruction ID: 91890279681322f9b547c47994c123999136b03e4c65b8df68b4b587d955387a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52c0d71795aa0355fcff9baaf47f5d7e2f62005f051148905658a4c8151e0ad5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A7510323F18A898AF720CB74D8802FD63F1AF587D8F418235DE5D67A95EE28E441D340
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1775671525-0
                                                                                                                                                                                                                          • Opcode ID: 429c7b77b82fee0374b93ee0c4dfe6c600e266e95c9878b7ea233d49508b040b
                                                                                                                                                                                                                          • Instruction ID: 1ac3145bc8d97390ae21948b7bfbdeedfba83629609fce71f398d840aef6d8cb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 429c7b77b82fee0374b93ee0c4dfe6c600e266e95c9878b7ea233d49508b040b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 32412275B0A65691EA049B26E58427A62D5BF04FE8F160731DE7C07BD5EE7CE042E304
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Xp_movx$Xp_setw_errnoldexpmemcpy
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2233944734-0
                                                                                                                                                                                                                          • Opcode ID: b062394a836a4e2e40923a72f0d4e26a89610e5abb20f155a36017309333d51b
                                                                                                                                                                                                                          • Instruction ID: 58a2b56654a3646d8982806d696ec188a4da091ea026580519a67f7547289664
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b062394a836a4e2e40923a72f0d4e26a89610e5abb20f155a36017309333d51b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D241FA22E1CA8686F3519B19D4812BE63E0BF88B49F954231EE4D17795DF3CF906A700
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ___lc_codepage_func___lc_locale_name_func__pctype_funcislower
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2234106055-0
                                                                                                                                                                                                                          • Opcode ID: 52f5abae251336afaa4017f625e478ce211e56b8126db0b55e756538effdf990
                                                                                                                                                                                                                          • Instruction ID: 8366d18bffd1a64a3457206bb92aaf48e02f022abc406f5b08788a0f4e0cdfb6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52f5abae251336afaa4017f625e478ce211e56b8126db0b55e756538effdf990
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC31E662A0C74282F711AF15E89837D7AF1FB80BD5F594035DA8A0779AEE3CE444D720
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ___lc_codepage_func___lc_locale_name_func__pctype_funcisupper
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3857474680-0
                                                                                                                                                                                                                          • Opcode ID: 7376d5eefc67f6f5de30df645cb54121da78efe5e1b63549edd76ab7568d0388
                                                                                                                                                                                                                          • Instruction ID: 6920e7115142996d4cbac093598620bdf7ec4d82001cc8d7ff89363cb68baf8a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7376d5eefc67f6f5de30df645cb54121da78efe5e1b63549edd76ab7568d0388
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A3315D72A0CB4241F7119F15E88437D6AF1EB90BC5F594035DA8D0779AEE7CE484D720
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Name::operator+$Replicator::operator[]
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3863519203-0
                                                                                                                                                                                                                          • Opcode ID: 30a8f2f125bc470f5f47f8832dfa98d673ff8fbdfdee2d9a51f356af74556641
                                                                                                                                                                                                                          • Instruction ID: e8d404bf64ef4cea42f32e6179c0c5b939e14c7962afface64fdf653056c808b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 30a8f2f125bc470f5f47f8832dfa98d673ff8fbdfdee2d9a51f356af74556641
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 73412272A08B89C9EB01CFA4D8443EC37A0BB49B48F548425DA8D5B79AEF78A545D390
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,00000000,?,?,?,00007FFF3C4FCFD4), ref: 00007FFF3C509827
                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,00000000,?,?,?,00007FFF3C4FCFD4), ref: 00007FFF3C50984B
                                                                                                                                                                                                                          • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,?,00007FFF3C4FCFD4), ref: 00007FFF3C509858
                                                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,?,00007FFF3C4FCFD4), ref: 00007FFF3C5098CB
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D2E70: wcsnlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFF3C4D2E9A
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D2E70: LCMapStringEx.KERNEL32 ref: 00007FFF3C4D2EDE
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: String___lc_locale_name_funcfreemallocmemcpywcsnlen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2888714520-0
                                                                                                                                                                                                                          • Opcode ID: c4d5e758bc47d34044bf9718e525388041ed3fd6659d0db39019bcdfe8b13b09
                                                                                                                                                                                                                          • Instruction ID: d728eeacfa669f8d89bbd98f12780c41440be47626c14080106f3b6156bee6c9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c4d5e758bc47d34044bf9718e525388041ed3fd6659d0db39019bcdfe8b13b09
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D212661B08BA285EBA09F12A80056AABD0FF54FE4F594231DE6D57BD8DF3CE4029340
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,00000000,00007FFF3C503DBB), ref: 00007FFF3C508E74
                                                                                                                                                                                                                          • ___lc_collate_cp_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,00000000,00007FFF3C503DBB), ref: 00007FFF3C508E7E
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D2740: __strncnt.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFF3C4D2786
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D2740: __strncnt.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFF3C4D27AB
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D2740: GetCPInfo.KERNEL32 ref: 00007FFF3C4D27EB
                                                                                                                                                                                                                          • memcmp.VCRUNTIME140(?,?,?,?,?,?,00000000,00007FFF3C503DBB), ref: 00007FFF3C508EA1
                                                                                                                                                                                                                          • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,00007FFF3C503DBB), ref: 00007FFF3C508EDF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: __strncnt$Info___lc_collate_cp_func___lc_locale_name_func_errnomemcmp
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3421985146-0
                                                                                                                                                                                                                          • Opcode ID: 08ab9a1cd4defa28f76ee9ac7d5f3421bd100c8117584ef399c6a0e584e041b9
                                                                                                                                                                                                                          • Instruction ID: 3e51a20335dfece200a2019616e320624f2340d26cd9a4a590d4847c0ef9519d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08ab9a1cd4defa28f76ee9ac7d5f3421bd100c8117584ef399c6a0e584e041b9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 90218132A0879286EB648F2AD84042DB6E4FB94FD0F594135EE5D97B95CF3CE8019704
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509920
                                                                                                                                                                                                                          • ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509928
                                                                                                                                                                                                                          • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509931
                                                                                                                                                                                                                          • __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C50994D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_func
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3203701943-0
                                                                                                                                                                                                                          • Opcode ID: b0a850728f27c648c27fe846aa2e7cbe59c6be2066502b5f54062314fecc5241
                                                                                                                                                                                                                          • Instruction ID: abac9182fa6298a05b7b3fa27601fe1f73ba954f4069606beaab433377aa9877
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b0a850728f27c648c27fe846aa2e7cbe59c6be2066502b5f54062314fecc5241
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 650126A2E15B9586EB459F7AD800078F7E0FBA8F84B549235EA4E87714DF7CD0C28700
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: malloc
                                                                                                                                                                                                                          • String ID: MOC$RCC$csm
                                                                                                                                                                                                                          • API String ID: 2803490479-2671469338
                                                                                                                                                                                                                          • Opcode ID: 186ca9cc866d11d3281b746f5bb68b981bb96cf266041ffe99b677e9713e91bc
                                                                                                                                                                                                                          • Instruction ID: e1c285df6fe83358c7286634f0f97794d56cae69970dbf7e3e6fda3143b9124d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 186ca9cc866d11d3281b746f5bb68b981bb96cf266041ffe99b677e9713e91bc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5401B161A1860286EFB57E11D1E867862E1AF58BA8F595031CA0E03696CE2CFC819622
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2933794660-0
APIs
Memory Dump Source
• Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
Similarity
• API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
• String ID:
• API String ID: 2933794660-0
APIs
Memory Dump Source
• Source File: 00000013.00000002.1925517035.00007FFF414B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFF414B0000, based on PE: true
• Associated: 00000013.00000002.1925479901.00007FFF414B0000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000013.00000002.1925578965.00007FFF414B5000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000013.00000002.1925637149.00007FFF414B8000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000013.00000002.1925675416.00007FFF414B9000.00000002.00000001.01000000.00000018.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7fff414b0000_Updater.jbxd
Similarity
• API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
• String ID:
• API String ID: 2933794660-0
APIs
Strings
Memory Dump Source
• Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
• Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
Similarity
• API ID: CurrentImageNonwritableUnwind
• String ID: csm
• API String ID: 451473138-1018135373
APIs
Strings
Memory Dump Source
• Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
• Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
Similarity
• API ID: abort$CreateFrameInfo
• String ID: csm
• API String ID: 2697087660-1018135373
APIs
Strings
Memory Dump Source
• Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
Similarity
• API ID: swprintf_s
• String ID: %$+
• API String ID: 3896565401-2626897407
APIs
Strings
Memory Dump Source
• Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
Similarity
• API ID: swprintf_s
• String ID: %$+
• API String ID: 3896565401-2626897407
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: swprintf_s
                                                                                                                                                                                                                          • String ID: %$+
                                                                                                                                                                                                                          • API String ID: 3896565401-2626897407
                                                                                                                                                                                                                          • Opcode ID: 9c44a3b0f31c0479e37dba94058b9afffbb914e1bb85328f0ade4355861215de
                                                                                                                                                                                                                          • Instruction ID: 4a66db89d106ec01b235465510f77c42677a4c2906cd157ad337e622bf5815ca
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c44a3b0f31c0479e37dba94058b9afffbb914e1bb85328f0ade4355861215de
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4031C31260C7C585E7618B15E4943EBABD1EB9A788F498035EB8C07B86CF3CD509D741
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: swprintf_s
                                                                                                                                                                                                                          • String ID: %$+
                                                                                                                                                                                                                          • API String ID: 3896565401-2626897407
                                                                                                                                                                                                                          • Opcode ID: 2ec555f3ee8adb07872eae90849ac8a8bcf68c1dac9c639f359ea0151880464c
                                                                                                                                                                                                                          • Instruction ID: 08e6b5297187a1ce193c1c4c742496518de1dc874624428480628b85a9f18902
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ec555f3ee8adb07872eae90849ac8a8bcf68c1dac9c639f359ea0151880464c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AB31E31260C7C185EB219B15E4903EBABD0EB9A788F498135EB8C07B86CF7CD408D740
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: swprintf_s
                                                                                                                                                                                                                          • String ID: %$+
                                                                                                                                                                                                                          • API String ID: 3896565401-2626897407
                                                                                                                                                                                                                          • Opcode ID: 364c9598b53bbc02dc436ed942a7a46d58674911a20bd110850e6760a15a3126
                                                                                                                                                                                                                          • Instruction ID: a7675d6ae15d9c5f003f222bda80dfb49228df8c85e3e54e7357693bb0df0409
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 364c9598b53bbc02dc436ed942a7a46d58674911a20bd110850e6760a15a3126
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E221E16260C7C485F7218B15E8403EEA3E1EBAA798F588031EA8C43B89DF7CD446DB01
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: swprintf_s
                                                                                                                                                                                                                          • String ID: %$+
                                                                                                                                                                                                                          • API String ID: 3896565401-2626897407
                                                                                                                                                                                                                          • Opcode ID: 5d343aecaae5f0a76076223a56a0f4f168b2cd057e740f3eccfeff4a92ce7600
                                                                                                                                                                                                                          • Instruction ID: cf42ac41d3377f5f95de003b0590f5cc020ad2b3fd0b16d70c27c8cd50676ad6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5d343aecaae5f0a76076223a56a0f4f168b2cd057e740f3eccfeff4a92ce7600
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B621A523A0C7C585F7619765E4803EABBD1E799788F598031EA8C07B89CF3CD446DB50
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: swprintf_s
                                                                                                                                                                                                                          • String ID: %$+
                                                                                                                                                                                                                          • API String ID: 3896565401-2626897407
                                                                                                                                                                                                                          • Opcode ID: b677d03a977e7ff8e996dd34085338dd1964c5713c0a840dc1551a9c64cee9bf
                                                                                                                                                                                                                          • Instruction ID: 4d810b427b4aadee41b19c17d50d9487b3ebd070994ebf6eb1b95e79e5d3eecc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b677d03a977e7ff8e996dd34085338dd1964c5713c0a840dc1551a9c64cee9bf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8C21A522A0C7C585E7218765E4803EBB7E1F799788F198035EA8C07B89CF3CD445D750
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: swprintf_s
                                                                                                                                                                                                                          • String ID: %$+
                                                                                                                                                                                                                          • API String ID: 3896565401-2626897407
                                                                                                                                                                                                                          • Opcode ID: 59944cb45f2b4bb69df20970651e644d9ceece964d4cad3fe5998f5e56035204
                                                                                                                                                                                                                          • Instruction ID: da7b5ce7bb7272d8d95944b1b1c5228ac82fdace7713b9b962e71a50017ada3e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 59944cb45f2b4bb69df20970651e644d9ceece964d4cad3fe5998f5e56035204
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BD21E723A0D7C485F7218B15E9403EAB7E1EBA9788F588031EA8C07B89DF7CD446DB40
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: swprintf_s
                                                                                                                                                                                                                          • String ID: %$+
                                                                                                                                                                                                                          • API String ID: 3896565401-2626897407
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Name::operator+
                                                                                                                                                                                                                          • String ID: void$void
                                                                                                                                                                                                                          • API String ID: 2943138195-3746155364
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFF3C4DE864), ref: 00007FFF3C4DE9A4
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509920
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509928
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C509931
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C509900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFF3C4D61A3), ref: 00007FFF3C50994D
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funclocaleconv
                                                                                                                                                                                                                          • String ID: false$true
                                                                                                                                                                                                                          • API String ID: 2502581279-2658103896
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileHeader$ExceptionRaise
                                                                                                                                                                                                                          • String ID: Access violation - no RTTI data!$Bad dynamic_cast!
                                                                                                                                                                                                                          • API String ID: 3685223789-3176238549
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                          • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925517035.00007FFF414B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFF414B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925479901.00007FFF414B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925578965.00007FFF414B5000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925637149.00007FFF414B8000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925675416.00007FFF414B9000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff414b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                          • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3D726E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFF3D7229EE), ref: 00007FFF3D726E56
                                                                                                                                                                                                                          • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFF3D72F48A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: abortterminate
                                                                                                                                                                                                                          • String ID: csm$f
                                                                                                                                                                                                                          • API String ID: 661698970-629598281
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFF3C4D644D
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4EF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFF3C4E17E4,?,?,?,00007FFF3C4D454B,?,?,?,00007FFF3C4D5C41), ref: 00007FFF3C4D4F12
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4EF0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFF3C4E17E4,?,?,?,00007FFF3C4D454B,?,?,?,00007FFF3C4D5C41), ref: 00007FFF3C4D4F38
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4EF0: memcpy.VCRUNTIME140(?,?,?,00007FFF3C4E17E4,?,?,?,00007FFF3C4D454B,?,?,?,00007FFF3C4D5C41), ref: 00007FFF3C4D4F50
                                                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFF3C4D646A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFF3C4D6475
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free$Getmonthsmallocmemcpy
                                                                                                                                                                                                                          • String ID: :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December
                                                                                                                                                                                                                          • API String ID: 1628830074-4232081075
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _W_Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFF3C4D6B0D
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4F70: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFF3C4E6FAD,?,?,?,?,?,?,?,?,?,00007FFF3C4EE9FE), ref: 00007FFF3C4D4F99
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4F70: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFF3C4E6FAD,?,?,?,?,?,?,?,?,?,00007FFF3C4EE9FE), ref: 00007FFF3C4D4FC8
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4F70: memcpy.VCRUNTIME140(?,?,00000000,00007FFF3C4E6FAD,?,?,?,?,?,?,?,?,?,00007FFF3C4EE9FE), ref: 00007FFF3C4D4FDF
                                                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFF3C4D6B2A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFF3C4D6B35
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free$Getdaysmallocmemcpy
                                                                                                                                                                                                                          • String ID: :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                                                          • API String ID: 1347072587-3283725177
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _W_Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFF3C4D6B5D
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4F70: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFF3C4E6FAD,?,?,?,?,?,?,?,?,?,00007FFF3C4EE9FE), ref: 00007FFF3C4D4F99
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4F70: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFF3C4E6FAD,?,?,?,?,?,?,?,?,?,00007FFF3C4EE9FE), ref: 00007FFF3C4D4FC8
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4F70: memcpy.VCRUNTIME140(?,?,00000000,00007FFF3C4E6FAD,?,?,?,?,?,?,?,?,?,00007FFF3C4EE9FE), ref: 00007FFF3C4D4FDF
                                                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFF3C4D6B7A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FFF3C4D6B85
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free$Getmonthsmallocmemcpy
                                                                                                                                                                                                                          • String ID: :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece
                                                                                                                                                                                                                          • API String ID: 1628830074-2030377133
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFF3C4D63DD
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4EF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFF3C4E17E4,?,?,?,00007FFF3C4D454B,?,?,?,00007FFF3C4D5C41), ref: 00007FFF3C4D4F12
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4EF0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFF3C4E17E4,?,?,?,00007FFF3C4D454B,?,?,?,00007FFF3C4D5C41), ref: 00007FFF3C4D4F38
                                                                                                                                                                                                                            • Part of subcall function 00007FFF3C4D4EF0: memcpy.VCRUNTIME140(?,?,?,00007FFF3C4E17E4,?,?,?,00007FFF3C4D454B,?,?,?,00007FFF3C4D5C41), ref: 00007FFF3C4D4F50
                                                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFF3C4D63FA
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFF3C4D6405
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          • Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free$Getdaysmallocmemcpy
                                                                                                                                                                                                                          • String ID: :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                                                          • API String ID: 1347072587-3283725177
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FFF3D726CE9,?,?,?,?,00007FFF3D7305B2,?,?,?,?,?), ref: 00007FFF3D726E83
                                                                                                                                                                                                                          • SetLastError.KERNEL32(?,?,?,00007FFF3D726CE9,?,?,?,?,00007FFF3D7305B2,?,?,?,?,?), ref: 00007FFF3D726F0C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925012304.00007FFF3D721000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFF3D720000, based on PE: true
• Associated: 00000013.00000002.1924974548.00007FFF3D720000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925249553.00007FFF3D733000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925335128.00007FFF3D738000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000013.00000002.1925404596.00007FFF3D739000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3d720000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1452528299-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FFF414B3325,?,?,?,?,00007FFF414B41CA,?,?,?,?,?), ref: 00007FFF414B3483
                                                                                                                                                                                                                          • SetLastError.KERNEL32(?,?,?,00007FFF414B3325,?,?,?,?,00007FFF414B41CA,?,?,?,?,?), ref: 00007FFF414B350B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1925517035.00007FFF414B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFF414B0000, based on PE: true
• Associated: 00000013.00000002.1925479901.00007FFF414B0000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000013.00000002.1925578965.00007FFF414B5000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000013.00000002.1925637149.00007FFF414B8000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000013.00000002.1925675416.00007FFF414B9000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff414b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1452528299-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.1923233648.00007FFF3C4D1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFF3C4D0000, based on PE: true
• Associated: 00000013.00000002.1923197348.00007FFF3C4D0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924233070.00007FFF3C525000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924811765.00007FFF3C553000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000013.00000002.1924877580.00007FFF3C557000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7fff3c4d0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: abdac97132251ea1b0b833bbd311f02dd5168ee3b66a737cd329bfbbbc6021a3
                                                                                                                                                                                                                          • Instruction ID: a8bcbedeab4a7975b8de59780cc0f58b3c1111cb96c7b6b19a03092f44e7ca47
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: abdac97132251ea1b0b833bbd311f02dd5168ee3b66a737cd329bfbbbc6021a3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8481373091D99E4FD75DDE2CC8491BA7BE5FB8A30175441BEE44BC3196CD28E906CB84
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: H9S$`9S$`9S$`9S$h9S$p9S$x9S
                                                                                                                                                                                                                          • API String ID: 0-3406551280
                                                                                                                                                                                                                          • Opcode ID: 28e716ccd918103c0b967a60e6e686f59e2c8e5f6100345146431f94ff7b4a09
                                                                                                                                                                                                                          • Instruction ID: bdb4436d08940fc7adb0c34864cf23308596a1a8170404225a1b6121e5673daf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 28e716ccd918103c0b967a60e6e686f59e2c8e5f6100345146431f94ff7b4a09
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 74C15130A1D94C9FDB85EB6CC459EB97BE1EF59300B5504E9E44EDB2A6CE24E842CB40
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: H9S$I$`9S$h9S$p9S$x9S
                                                                                                                                                                                                                          • API String ID: 0-1268648822
                                                                                                                                                                                                                          • Opcode ID: 8ab47b72a5d6466e9a4337d5a022c8592e17b304343ccff527e5a64eac0bdd82
                                                                                                                                                                                                                          • Instruction ID: 90475ffaa13d23d01c28800de778b54b45081f061e0ad6f7a9fd255ee9c9845c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ab47b72a5d6466e9a4337d5a022c8592e17b304343ccff527e5a64eac0bdd82
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE81643061D98C9FDB85EB6CC459EB97BE5EF5A300B4404E9D44EDB2A7CE28E842C740
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: H9S$`9S$h9S$p9S$x9S
                                                                                                                                                                                                                          • API String ID: 0-3982073621
                                                                                                                                                                                                                          • Opcode ID: 3ab5cf456ff27bd9ff5fc3ba36e598d40f9ff39d5580e0399dc6f24bc610313e
                                                                                                                                                                                                                          • Instruction ID: 897acca329474c07623a325c5e42ee81bdf86370baf7b56c66b9234058a6a705
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ab5cf456ff27bd9ff5fc3ba36e598d40f9ff39d5580e0399dc6f24bc610313e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2AA1403061D9499FDB85EB6CC459EB97BE1EF59300B4504F9E44EDB2A6CE24EC42CB40
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: :S$(:S
                                                                                                                                                                                                                          • API String ID: 0-697860757
                                                                                                                                                                                                                          • Opcode ID: c8979b64fcc9e9593905fb74bd6dd13449a1ae202289afce63eb9762caf8a4fc
                                                                                                                                                                                                                          • Instruction ID: c453b3f36a8c2c907ae5c614db972ce00c2c895ac35cf5f2ec89189571de9e83
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8979b64fcc9e9593905fb74bd6dd13449a1ae202289afce63eb9762caf8a4fc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4581F73090DBC94FE7179B78485A6B97FE0EF57220F0801EEE089DB1E3DA696446C752
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 9S$SM_^
                                                                                                                                                                                                                          • API String ID: 0-205750684
                                                                                                                                                                                                                          • Opcode ID: 8f1250edd6859d4f9669bc95b97bbd77111f57062ffdc61371bf68f30d27c855
                                                                                                                                                                                                                          • Instruction ID: db03dd565c670efddac60dec7e1080013906a3991ffcfa8b06eb45b034a0baa4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f1250edd6859d4f9669bc95b97bbd77111f57062ffdc61371bf68f30d27c855
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B3515D3290E98A4FE79DDB2858196B47BD4EF86320B0801BEE44EC71E2DD196D46C385
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 09S
                                                                                                                                                                                                                          • API String ID: 0-3020043886
                                                                                                                                                                                                                          • Opcode ID: aa00b6f8e2b22b2b1c7cdd152cfc7d164bc162c220ee0413553f85f079a12238
                                                                                                                                                                                                                          • Instruction ID: 5cd57fb3fa0683bdd9028a299e61bab9c5ddfc82c380367aff5efdfc49d5d6ae
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aa00b6f8e2b22b2b1c7cdd152cfc7d164bc162c220ee0413553f85f079a12238
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E41097080E5994FDB69EA248C495E97BB4EF92350F4402FED44ED70A3DE345B45CB81
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: X9S
                                                                                                                                                                                                                          • API String ID: 0-1353038681
                                                                                                                                                                                                                          • Opcode ID: 84dd1c2decb6c02683047bd1c51874041f63a00b0d2f2ccda91d7dda992b7a31
                                                                                                                                                                                                                          • Instruction ID: 05a3d91b512afa9233a1d29eaf4f8767529201d6806ac664951bab3ed3c79b39
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 84dd1c2decb6c02683047bd1c51874041f63a00b0d2f2ccda91d7dda992b7a31
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99219D31609A4C5FDB989F288859BB637E5EF99311F0401BAF40EC32A2DE64ED55C781
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: X9S
                                                                                                                                                                                                                          • API String ID: 0-1353038681
                                                                                                                                                                                                                          • Opcode ID: ec0ea1050668a492a950b41959a06c5e12f2623bd1b414da5756193ca4e2624d
                                                                                                                                                                                                                          • Opcode ID: fa040a608b67eb82a09b26d68669e0ec543dc394fc063f92836a36f9bc4b98b6
                                                                                                                                                                                                                          • Instruction ID: 845f384b433e8b8ede12a7314bc112a592034f0112ada98d0939986641134dbb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fa040a608b67eb82a09b26d68669e0ec543dc394fc063f92836a36f9bc4b98b6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 73513B6191E6C94FE39ADB3848591B97FD4EF8A310B4805FFE08ECB1E3D9186606C345
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 8f0a378da1f9093127d9d2bce340b3c999b5efbd825a236ca6bbafd53ba49673
                                                                                                                                                                                                                          • Instruction ID: bc21e5084e61a50d2c92b1ce4a16fcd0ebb0fff62b40dc49d737f9e14dcf2f63
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f0a378da1f9093127d9d2bce340b3c999b5efbd825a236ca6bbafd53ba49673
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 95410C30914A1E8FDF88EF68C4596FD77A5FFA8315F50053AE41ED32A0DA74A541C784
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 98f292c95bec4eb760a44962f866b322f1ccf5f04dd914fc931e7eb0e2e12feb
                                                                                                                                                                                                                          • Instruction ID: 82d489f75ffb71e42f0b1402acac3b59ed950c213880e478c067e6a2784fce6a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 98f292c95bec4eb760a44962f866b322f1ccf5f04dd914fc931e7eb0e2e12feb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FF419E3091A56D8ADB6DEB14C8996FCB3E4EF59301F5001FAE44FD31A2DE386B81CA44
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 38457261e92b49cebd1aa7bd889f38f1fc476098b2f37e7a42e59d9a276aac68
                                                                                                                                                                                                                          • Instruction ID: 0fc5dbed60944fa48c2af4dbda6bd04d4a8ca46cb4af243ad24c18233ecebbb6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 38457261e92b49cebd1aa7bd889f38f1fc476098b2f37e7a42e59d9a276aac68
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 57416C30A08A498FDB58EFACD849BA8B7F4FF65314F004169D01AD7691CB74E695CF82
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2059842164.00007FFEC83C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC83C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec83c0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c4968b6988aca3f0a43d2c4a6e22828a1ebb1ad5e7a8736f5c9972cba59e0cb8
                                                                                                                                                                                                                          • Instruction ID: f704fed895af6607924ba51b5e53e5ec37a11bc415c408e5999a6a0b29f8008d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c4968b6988aca3f0a43d2c4a6e22828a1ebb1ad5e7a8736f5c9972cba59e0cb8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0131D33170D98A0FE7989A1C986577A37D5EB9A220F04027BE04EC36E3DD19AD528385
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 3a47f266d9db3472758505e47fb86952989cae116ac8e957bc0a7e2e31288322
                                                                                                                                                                                                                          • Instruction ID: 80421b2a9298a8fd5985d783520bb4e5f5ac74fc51bbfd39364902d34b86bcc7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3a47f266d9db3472758505e47fb86952989cae116ac8e957bc0a7e2e31288322
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CE31293191CA498FDB1CDB6C98096F9BBE0FB9A321F10426FD049D3652CA74A816CBC5
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 7b717b52cc9396b42e4310ef5ec0867a7d1d900622673480e55b691877fe46f9
                                                                                                                                                                                                                          • Instruction ID: 1e30ec5cd2e888f8d57ebbaa451abe47af69d8cde38f345fade0df5c87df1a0d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b717b52cc9396b42e4310ef5ec0867a7d1d900622673480e55b691877fe46f9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04413F30A08A498FDB58EFACD849BA8B7F4FB94311F008269D01ED7651DB74E955CB81
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 2edd4ff927a872ba482710cb2d1d0350e3317432fa258200b613174c7995bb77
                                                                                                                                                                                                                          • Instruction ID: 5906bf457da3ab9bf6299fc5e52b2c323d0003329d4cd880b5338fa74692b0f3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2edd4ff927a872ba482710cb2d1d0350e3317432fa258200b613174c7995bb77
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6F31097190CB489FDB1CDB5C98096F97BE0FB9A321F10426EE049D3252CB74A816CB85
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 197d179b86348c218b11766c2b7a004b7ea6e65c897f18b801f88737beabd6e2
                                                                                                                                                                                                                          • Instruction ID: dc3cbb68452abeb02a0ac344e6fb6350ade04584cf7254f93d023abcafb44a7e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 197d179b86348c218b11766c2b7a004b7ea6e65c897f18b801f88737beabd6e2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD41F51540F6C90FE396977C49691B97FE4DF97310B4805FAD08ACB1F3D9082A16D346
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: cbc8c364e29be447ff1875425aad2e5503172b0538ba7ee59bb695eb3786acdc
                                                                                                                                                                                                                          • Instruction ID: f837b508ac1e1e7394fe7d333380eba3c250aef1a21ab3f7ec3bd090373d0076
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cbc8c364e29be447ff1875425aad2e5503172b0538ba7ee59bb695eb3786acdc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2F31C37191CA489FDB1CDB5CD80A6B9B7E0FB99325F10422EE04AD3652CA70A8168BC5
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f484ac4d6fbec0530459fdab5408c7c33b8a93d4ded30e09941e2e4e5cdae470
                                                                                                                                                                                                                          • Instruction ID: 5c73b3effd92ed69081a932d9244c13770ed254ecbdabf11a519f3030a23a9d2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f484ac4d6fbec0530459fdab5408c7c33b8a93d4ded30e09941e2e4e5cdae470
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7121F631619E8C4FDB65EF6898496F97BF4FB99304F0402BBE449C31A2DA25E945C381
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ae01c0c3e238caea4591d80dbd08584cd1eb340ea4638467d65916ce58d4ff6f
                                                                                                                                                                                                                          • Instruction ID: 00ba35f6fc965d0d41c2802b57b880bd75ab97933f9ba4fe5cb3205c10014052
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae01c0c3e238caea4591d80dbd08584cd1eb340ea4638467d65916ce58d4ff6f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D921F632A0D6494FC758EF2C98591FA7FE0EF89322B1002BFF08EC32A1CA2545458759
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 85cd1f7b99b3541b8ce0978c0ccc6f5aef8227f37066c87908d5d7d9a2a5a12a
                                                                                                                                                                                                                          • Instruction ID: d1ce82bc00be55d3520fe80f91a58c0f7c3652d4b29c32b5a83a04927066134f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 85cd1f7b99b3541b8ce0978c0ccc6f5aef8227f37066c87908d5d7d9a2a5a12a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8021B271A08A0C8FDB58DF58D84A7FAB7E4EBA9321F00412ED049D3252DA70A856CB91
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 5de6a6d1e6d0dbdb81b09053087dd24c103f5211b66c76c5fce143dae2390b88
                                                                                                                                                                                                                          • Instruction ID: 73c751c401af67bdf0376a4255387e5a51c7603dc8db7c76719cfed963d9c9d5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5de6a6d1e6d0dbdb81b09053087dd24c103f5211b66c76c5fce143dae2390b88
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E21C47160D94C5FDB49EB6C985A9FCBBE0EF59321B4401AAD48AC7173CA21AC43C744
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e6d9558b87195d615cfdef41a91d85c5a40134c2b8e0cbe75c1a01fd6587c934
                                                                                                                                                                                                                          • Instruction ID: 01a0f327e71cfe01d03f34539326947a9e71aecb5e0f390397f2104412bcc4a4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e6d9558b87195d615cfdef41a91d85c5a40134c2b8e0cbe75c1a01fd6587c934
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6521A371A0CA0C8FDB58DF58D8457F9BBE0EBA9321F04416FD449C3252D6709956CB91
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 86ad42d4d4815708ce474280ec4d59fd2c17cc3bc166375d31ecb5837cd39872
                                                                                                                                                                                                                          • Instruction ID: 293d92d0de21956934804f6d4ab65dd9f0e9e5e6911b004bd03b5d6e52d8bcb9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 86ad42d4d4815708ce474280ec4d59fd2c17cc3bc166375d31ecb5837cd39872
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CC212C6580E6C95FDB99DF34890AAF53FE1EF86324B0805F9E45A9B0A3D558550AC340
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: bb69f27cca33edac8396f39b825d29eb25e8e4610ce16cc9055ccf7f31d79a24
                                                                                                                                                                                                                          • Instruction ID: de8708f503f1c29187a27b193584ed28c28ddb2b953ea0f2128b34227763d43c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bb69f27cca33edac8396f39b825d29eb25e8e4610ce16cc9055ccf7f31d79a24
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4221B67190CB488FDB25DF98D88AAEABBF0EF56320F04426FD04983112D774A405CB92
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 5ce26d33eec583669616c6b4cc06244d6e2dd2d35acf1fa974e20fc2571320cc
                                                                                                                                                                                                                          • Instruction ID: c0f0b5802683b4c778a99776449bea7df2fa0358b9abafd0105d9983e2e7bc41
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ce26d33eec583669616c6b4cc06244d6e2dd2d35acf1fa974e20fc2571320cc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AA21C671A0CA0C8FDB58DF5CD84A7EA7BE0EB99321F10822BD449C3115DA709456CB91
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 27b686155f99546b2b56534a4d7fab4e8eadabbf1babca5853856918d0d337ca
                                                                                                                                                                                                                          • Instruction ID: 1e6d1e41eb913709e4b294115a3d4c5c359a3b9b225f0a953aea121f30537ce2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 27b686155f99546b2b56534a4d7fab4e8eadabbf1babca5853856918d0d337ca
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F921997190CB088FDB14DF99D88AAFABBF4EB59321F00412ED04A93112D7707405CB96
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
Memory Dump Source
• Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
Memory Dump Source
• Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0c47522b13d6e0a2e455f48ef32a5fe3225e306c3e0736b7325c153270b64a5b
                                                                                                                                                                                                                          • Instruction ID: d8ca40e17979b72ca9877fa43e215625a6b0e930ed9e72feaac454abba17427c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c47522b13d6e0a2e455f48ef32a5fe3225e306c3e0736b7325c153270b64a5b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D1112931A1CB485FDB58DB1C58499EABBE0FB99361B14026FF449D3261CA25E841C7D2
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 3e5f126e7a8692d78bf87d38c0dc5e369e72f619ee712f60dc650df69b41d822
                                                                                                                                                                                                                          • Instruction ID: 9538d93894d8449749cb60bbfd006dc37eed44ee06b306ac7648b55fe6284a43
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e5f126e7a8692d78bf87d38c0dc5e369e72f619ee712f60dc650df69b41d822
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 78215E1154E6C51FE38393B419692B56FE59F9B120B8C00FAC889CF1A7D81D585AC366
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 259491779bbd77c1840b312d3a9454241e6aa922b5406ecb98a3218f12b1509c
                                                                                                                                                                                                                          • Instruction ID: 9ee34ff4bbcf5287fb43b25458c10e3f7702917245517bd0e9bb0a52317cdec9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 259491779bbd77c1840b312d3a9454241e6aa922b5406ecb98a3218f12b1509c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F21727190CB0C8FDB24DF99D88AAEABBF0EB59321F10422FD14A83512D770B455CB92
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: abdc5fa4aaa3abeb8dfba5670f9611d6b8e69634490b629e40592a30367922d1
                                                                                                                                                                                                                          • Instruction ID: 8b17472783fb0199cda66f8d13486cb29560a7b8de6ea28381775d33712f19f8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: abdc5fa4aaa3abeb8dfba5670f9611d6b8e69634490b629e40592a30367922d1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE213A30D2E64A8AEB5CAF58D9497FC73D8EF95320F500539F51B821E2CE292951C719
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d34097c2e49f7b1041053984439c95f4ac2069213dcd715442036e6952b97655
                                                                                                                                                                                                                          • Instruction ID: 5219a64170c74c27c01b7c60f82be5e59d321b6579e35ea2e26377fc48935dbf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d34097c2e49f7b1041053984439c95f4ac2069213dcd715442036e6952b97655
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C11A23181E95D5EE719EB2499592F9B3E4EF86310F9011FAE04F930A2DE253F44DA44
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 856ebe9b19ba678cb7b4391f5f0444d0a378e5a5cb7747efc95e06e71b260fe3
                                                                                                                                                                                                                          • Instruction ID: 3b73b9827fefca07c41e10282a90b747ea139f286a8667962d8d82910c8490ab
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 856ebe9b19ba678cb7b4391f5f0444d0a378e5a5cb7747efc95e06e71b260fe3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9911937190CB088FDB15DF9CE4856A9BBF0EB58321F10426FD14983612D774A545CF86
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 3d3eeda8a9303c1990f8f387555c58e9497b3cbb3cc856a62a46ca82be0614db
                                                                                                                                                                                                                          • Instruction ID: 9ca60858ba8617797974f85acdee2e0dda066e6e5912eb666f51b3800af61474
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3d3eeda8a9303c1990f8f387555c58e9497b3cbb3cc856a62a46ca82be0614db
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F711EC5160D7C81FD386E73858591F57FD1EF9E111F4405EBD4C8CB697DD184A428342
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 016c5f35354ea6952ed54fe2f42efd969ef4ac7ae235419b3999e7da220aa419
                                                                                                                                                                                                                          • Instruction ID: 0d0e2d8cca4132e431d6f27526ac4c74677e96d60ecc8715e76607d0593804d6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 016c5f35354ea6952ed54fe2f42efd969ef4ac7ae235419b3999e7da220aa419
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F11DD3180C6198FEF68EF18D8847E973B0FF49320F0045EAD50E86192DB74AA94CF91
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 1bc892bc5aeafa183cf9b3d1a67cf542645ab10450235cd2611cbcdfc2a72813
                                                                                                                                                                                                                          • Instruction ID: 536b980c363862a70236b57a6639a12626045e774d0e18ce62b9e3f3d68eeca6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1bc892bc5aeafa183cf9b3d1a67cf542645ab10450235cd2611cbcdfc2a72813
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE01D624A19A894AEB4C9A588418A7A77D5EFD5309F10423FE48BC71D2DE24D906C704
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 8ad05cf3f3e13fa4f266033c114eec2b7d1f79a6218e4b8ad5d83c519939de27
                                                                                                                                                                                                                          • Instruction ID: 5a92eb47da566cbeedd3b54b09982fe834433c8f183879c0879916143285ecbd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ad05cf3f3e13fa4f266033c114eec2b7d1f79a6218e4b8ad5d83c519939de27
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 98F03020A2855D5AEB5CDA68C554ABA73D5FF88305F10423EF48BD35C1DF24E901C604
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 5199f5905ad51540e63fe50fa004286926fa410f2b22dcfd8f04bf1c96e2ce41
                                                                                                                                                                                                                          • Instruction ID: 67767c99e423f3de34780daacdb7eb5d0e19d8a0ffab4e29fb4398498ea82239
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5199f5905ad51540e63fe50fa004286926fa410f2b22dcfd8f04bf1c96e2ce41
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 92F0373171D60E4FE75CAA5CA8515B4B3D5EF85314F500179E40AC7252DD6AA841C685
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 123f9782297d1db64f28bcc2e277a6c31554a47898dc7281dddaff0883565f09
                                                                                                                                                                                                                          • Instruction ID: 4a7fb2e53886ba8efd1134c86c71bd37cb2abd0892604ffc8d1cab4ffc25aff6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 123f9782297d1db64f28bcc2e277a6c31554a47898dc7281dddaff0883565f09
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7FF01C72B0C6468B474CDF38A45613E7BE2EB89361B10473FB05FD23A1CE3584414A4A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2059842164.00007FFEC83C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC83C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec83c0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 254e274552671ba1a019786ea6b81745a800eb14e08bccf58762341e0bbf5c22
                                                                                                                                                                                                                          • Instruction ID: 0624af5e4177037117f959cab15ba908ebb50d27105f1a6a50ac7b5553e0966f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 254e274552671ba1a019786ea6b81745a800eb14e08bccf58762341e0bbf5c22
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 48E0DF50A1AD4D3EA29C616D481E97B38CCDBAE161B00013FF04DD22A3EC8AAC0242A1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: bad3b9889b3e4a52115aca83114077f4ed2b6a9ce85f58b16d1be95350e67f5b
                                                                                                                                                                                                                          • Instruction ID: 9ae62c71cfb010f3dcc594830acff5781a13f1e52613c928dd6b7cb62617e3d7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bad3b9889b3e4a52115aca83114077f4ed2b6a9ce85f58b16d1be95350e67f5b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9BF08C32A19A0A8FDF49DE48D8919FD77B5EF8C384B100069E45EE3292CE256912C756
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 8c472a1cd9d70a76327ce7ed79b5969d1402de5ddbdd5fdbd110dcb1200a8db4
                                                                                                                                                                                                                          • Instruction ID: a87734d11d15e684546f4cf879a280374247c2c0b5780db93d4b7bd6ed2665a9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c472a1cd9d70a76327ce7ed79b5969d1402de5ddbdd5fdbd110dcb1200a8db4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BEF01C74A08B8C9BCF48EF6C98151EE7BF1FB58300F00455EF459D3251DA719A148B85
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ddf6ed8c7e4361d6352be09dd4c0cabb1ccb853e4e2b66cde5dad25799b6bb08
                                                                                                                                                                                                                          • Instruction ID: 51970e06395b784c5239279079d1399ccfeca034b8a0300eceabad7f104d12e5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ddf6ed8c7e4361d6352be09dd4c0cabb1ccb853e4e2b66cde5dad25799b6bb08
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 13F05474408B888FD766EF3984583547FF0EF26315F1485AED0EAC7662CB74A548CB12
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 5dac17f0c341b16ac98040b4eb70329de298fbbeb28679b901c5c5d6942c90d2
                                                                                                                                                                                                                          • Instruction ID: b68d388fb9a8eeeff4dd312756c032aa480d6bc257fe34a292a25a9ef81f9f36
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5dac17f0c341b16ac98040b4eb70329de298fbbeb28679b901c5c5d6942c90d2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72E09276C0A64CEAEB0ABF10A9554FDBB38FF50304F9002A6F15B420A2EF716758C681
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ffd06acc628c0c7b5ab5735423e8c150312b7bdc66820e8abd996bc1ad38cb0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1EC01240C1F58215EE0D2965154D0743D984F52310F9980F9E08A462E3984A17458315
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b0000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 93743a331dfa1e6f7e1f38857c785b3234bce2f58b2836a022a57fcbff6ab0b8
                                                                                                                                                                                                                          • Instruction ID: 95cd5bed96ecf077a1f8ff8ff30a9afea894c498e2d513b18524d0a7194d988f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93743a331dfa1e6f7e1f38857c785b3234bce2f58b2836a022a57fcbff6ab0b8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E2C04820B0580E4E6ACCEE6C015977924C2DBAC341710006B680EC23A6CC299D844380
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c975bcd7ec64161c482091d903921d7c1e4940284dd0fd759258464a82e197d6
                                                                                                                                                                                                                          • Instruction ID: 72e0e23c11d320f0402e39e84750ab62bca1dc2e583a7d3d9cb4961491e52208
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c975bcd7ec64161c482091d903921d7c1e4940284dd0fd759258464a82e197d6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 13A0120178A40D055448605C34410FC618587C81207C41431E409C0295D84D09C20242
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000016.00000002.2058544421.00007FFEC82B8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEC82B8000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_22_2_7ffec82b8000_Updater.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: bb9e67e9d906c1a53ab85f99d69636d8ad901ea07b68f656f319b5263c637255
                                                                                                                                                                                                                          • Instruction ID: b249b2a935e40dc5c4c481dcc28387d6f2bbec418428b336b2d5fc84d1f6b6f6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bb9e67e9d906c1a53ab85f99d69636d8ad901ea07b68f656f319b5263c637255
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DBB01224A1ACDD56DB09AA18541C1F57290E7A8341F200165B00EC7392DC20AA808A04